MidnightBSD

Advisories for openpkg

CVE-2002-0083 HIGH

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193

Products Affected

Vendor Product Version
openpkg openpkg 1.0
mandrakesoft mandrake_linux 7.1
suse suse_linux 7.0
conectiva linux 5.1
immunix immunix 7.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
suse suse_linux 7.2
mandrakesoft mandrake_linux 8.1
suse suse_linux 7.3
trustix secure_linux 1.2
redhat linux 7.1
conectiva linux 6.0
conectiva linux 7.0
suse suse_linux 7.1
conectiva linux graficas
redhat linux 7.2
mandrakesoft mandrake_linux 8.0
conectiva linux 5.0
openbsd openssh *
suse suse_linux 6.4
trustix secure_linux 1.1
mandrakesoft mandrake_single_network_firewall 7.2
mandrakesoft mandrake_linux 7.2
engardelinux secure_linux 1.0.1
trustix secure_linux 1.5
conectiva linux ecommerce
redhat linux 7.0

CVE-2002-0985 HIGH

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-88

Products Affected

Vendor Product Version
php php *
openpkg openpkg 1.2
openpkg openpkg 1.1

CVE-2003-0147 MEDIUM

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
stunnel stunnel 3.22
openssl openssl 0.9.7a
stunnel stunnel 4.01
stunnel stunnel 4.0
openssl openssl 0.9.6c
openssl openssl 0.9.6d
stunnel stunnel 3.13
openssl openssl 0.9.6
openssl openssl 0.9.6i
stunnel stunnel 3.7
openpkg openpkg 1.2
stunnel stunnel 3.17
stunnel stunnel 3.19
stunnel stunnel 3.21
stunnel stunnel 3.12
stunnel stunnel 3.14
stunnel stunnel 3.10
stunnel stunnel 3.9
stunnel stunnel 4.03
stunnel stunnel 4.04
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6g
openssl openssl 0.9.6e
openssl openssl 0.9.6h
stunnel stunnel 3.20
stunnel stunnel 3.8
openpkg openpkg *
stunnel stunnel 3.16
stunnel stunnel 3.15
openssl openssl 0.9.7
stunnel stunnel 3.11
stunnel stunnel 3.18
stunnel stunnel 4.02
openpkg openpkg 1.1

CVE-2003-0190 MEDIUM

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203

Products Affected

Vendor Product Version
openbsd openssh 3.4p1
openbsd openssh 3.6.1p1
openbsd openssh 3.6.1
siemens scalance_x204rna_ecc_firmware *
openbsd openssh *
siemens scalance_x204rna_firmware *
openpkg openpkg 1.3
openpkg openpkg 1.2

CVE-2003-0615 MEDIUM

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
cgi.pm cgi.pm 2.78
openpkg openpkg current
cgi.pm cgi.pm 2.753
openpkg openpkg 1.3
openpkg openpkg 1.2
cgi.pm cgi.pm 2.79
cgi.pm cgi.pm 2.74
cgi.pm cgi.pm 2.75
cgi.pm cgi.pm 2.76
cgi.pm cgi.pm 2.93
debian debian_linux 3.0
cgi.pm cgi.pm 2.751
cgi.pm cgi.pm 2.73

CVE-2004-0333 HIGH

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
uudeview uudeview 0.5.18
openpkg openpkg *
uudeview uudeview 0.5.19
winzip winzip 8.1
winzip winzip 7.0
gentoo linux 1.4
winzip winzip 8.0

CVE-2004-0413 HIGH

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
subversion subversion 1.0.3
subversion subversion 1.0.2
openpkg openpkg *
openpkg openpkg 2.0
subversion subversion 1.0
subversion subversion 1.0.1
subversion subversion 1.0.4

CVE-2004-0414 HIGH

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.12.1
cvs cvs 1.11.2
cvs cvs 1.11.11
cvs cvs 1.11.1
openpkg openpkg 2.0
openpkg openpkg 1.3
cvs cvs 1.11.15
cvs cvs 1.12.8
cvs cvs 1.12.2
cvs cvs 1.11.14
cvs cvs 1.11.5
cvs cvs 1.11.6
gentoo linux 1.4
cvs cvs 1.11.10
openbsd openbsd 3.4
sgi propack 3.0
openbsd openbsd *
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.3
cvs cvs 1.12.7
cvs cvs 1.12.5
cvs cvs 1.11.1_p1
cvs cvs 1.10.8
cvs cvs 1.11.4
cvs cvs 1.11.16
openbsd openbsd 3.5
cvs cvs 1.11

CVE-2004-0416 HIGH

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.12.1
cvs cvs 1.11.2
cvs cvs 1.11.11
cvs cvs 1.11.1
openpkg openpkg 2.0
openpkg openpkg 1.3
cvs cvs 1.11.15
cvs cvs 1.12.8
cvs cvs 1.12.2
cvs cvs 1.11.14
cvs cvs 1.11.5
cvs cvs 1.11.6
gentoo linux 1.4
cvs cvs 1.11.10
openbsd openbsd 3.4
sgi propack 3.0
openbsd openbsd *
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.3
cvs cvs 1.12.7
cvs cvs 1.12.5
cvs cvs 1.11.1_p1
cvs cvs 1.10.8
cvs cvs 1.11.4
cvs cvs 1.11.16
openbsd openbsd 3.5
cvs cvs 1.11

CVE-2004-0417 MEDIUM

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.12.1
cvs cvs 1.11.2
cvs cvs 1.11.11
cvs cvs 1.11.1
openpkg openpkg 2.0
openpkg openpkg 1.3
cvs cvs 1.11.15
cvs cvs 1.12.8
cvs cvs 1.12.2
cvs cvs 1.11.14
cvs cvs 1.11.5
cvs cvs 1.11.6
gentoo linux 1.4
cvs cvs 1.11.10
openbsd openbsd 3.4
sgi propack 3.0
openbsd openbsd *
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.3
cvs cvs 1.12.7
cvs cvs 1.12.5
cvs cvs 1.11.1_p1
cvs cvs 1.10.8
cvs cvs 1.11.4
cvs cvs 1.11.16
openbsd openbsd 3.5
cvs cvs 1.11

CVE-2004-0418 HIGH

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.12.1
cvs cvs 1.11.2
cvs cvs 1.11.11
cvs cvs 1.11.1
openpkg openpkg 2.0
openpkg openpkg 1.3
cvs cvs 1.11.15
cvs cvs 1.12.8
cvs cvs 1.12.2
cvs cvs 1.11.14
cvs cvs 1.11.5
cvs cvs 1.11.6
gentoo linux 1.4
cvs cvs 1.11.10
openbsd openbsd 3.4
sgi propack 3.0
openbsd openbsd *
cvs cvs 1.10.7
openpkg openpkg *
cvs cvs 1.11.3
cvs cvs 1.12.7
cvs cvs 1.12.5
cvs cvs 1.11.1_p1
cvs cvs 1.10.8
cvs cvs 1.11.4
cvs cvs 1.11.16
openbsd openbsd 3.5
cvs cvs 1.11

CVE-2004-0421 MEDIUM

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libpng libpng 1.0.0
libpng libpng 1.0.8
libpng libpng 1.0.10
openpkg openpkg 2.0
trustix secure_linux 2.0
openpkg openpkg 1.3
libpng libpng 1.0.9
redhat enterprise_linux 3.0
libpng libpng 1.0.7
libpng libpng 1.0.14
libpng libpng 1.2.5
libpng libpng 1.0.5
libpng libpng 1.2.2
libpng libpng 1.2.4
libpng libpng 1.0.6
libpng libpng 1.0.13
redhat libpng 1.2.2-20
libpng libpng 1.2.0
trustix secure_linux 2.1
redhat libpng 1.2.2-16
libpng libpng 1.2.1
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux 2.1
libpng libpng 1.0.11
libpng libpng 1.2.3
libpng libpng 1.0.12

CVE-2004-0594 MEDIUM

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367

Products Affected

Vendor Product Version
trustix secure_linux 2.1
php php 5.0.0
avaya converged_communications_server 2.0
openpkg openpkg 2.0
hp hp-ux b.11.22
trustix secure_linux 2.0
hp hp-ux b.11.11
hp hp-ux b.11.23
openpkg openpkg 2.1
hp hp-ux b.11.00
debian debian_linux 3.0
php php *
trustix secure_linux 1.5

CVE-2004-0772 HIGH

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415

Products Affected

Vendor Product Version
mit kerberos_5 *
openpkg openpkg 2.1
debian debian_linux 3.0
openpkg openpkg 2.0

CVE-2004-0918 MEDIUM

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
squid squid 3.0_pre3
squid squid 2.3_.stable5
squid squid 2.1_patch2
trustix secure_linux 2.0
squid squid 2.0_patch2
squid squid 2.5_.stable5
redhat fedora_core core_2.0
openpkg openpkg 2.2
squid squid 2.3_.stable4
squid squid 2.4_.stable7
squid squid 2.4_.stable2
squid squid 2.4_.stable6
squid squid 3.0_pre1
openpkg openpkg current
gentoo linux *
trustix secure_linux 2.1
squid squid 2.5_.stable6
squid squid 2.5_.stable3
squid squid 2.5_.stable1
squid squid 2.5_.stable4
ubuntu ubuntu_linux 4.1
squid squid 2.4
openpkg openpkg 2.1
squid squid 3.0_pre2
trustix secure_linux 1.5

CVE-2004-0940 MEDIUM

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131

Products Affected

Vendor Product Version
slackware slackware_linux 10.0
slackware slackware_linux 8.1
openpkg openpkg 2.0
hp hp-ux 11.22
suse suse_linux 9.2
hp hp-ux 11.11
slackware slackware_linux 9.1
suse suse_linux 8.0
openpkg openpkg 2.2
slackware slackware_linux 8.0
openpkg openpkg 2.1
suse suse_linux 8.2
suse suse_linux 9.1
suse suse_linux 8.1
hp hp-ux 11.20
apache http_server *
hp hp-ux 11.00
suse suse_linux 9.0
trustix secure_linux 1.5
slackware slackware_linux 9.0
slackware slackware_linux current

CVE-2004-0957 MEDIUM

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
oracle mysql 3.23.28
oracle mysql 4.0.10
oracle mysql 4.0.1
oracle mysql 3.22.28
oracle mysql 3.23.42
oracle mysql 3.20.32a
trustix secure_linux 2.0
suse suse_linux 9.2
oracle mysql 3.23.33
oracle mysql 3.23.48
oracle mysql 3.23.23
oracle mysql 3.23.58
oracle mysql 4.0.8
oracle mysql 3.23.46
oracle mysql 3.23.59
oracle mysql 3.23.37
suse suse_linux 8.1
oracle mysql 3.23.22
oracle mysql 3.22.29
oracle mysql 3.22.27
oracle mysql 4.0.3
oracle mysql 3.21
oracle mysql 3.23.43
oracle mysql 3.23.38
oracle mysql 3.23.45
openpkg openpkg current
oracle mysql 3.23.5
oracle mysql 3.22.26
oracle mysql 4.0.13
oracle mysql 3.23.55
oracle mysql 4.0.11
oracle mysql 3.23.47
oracle mysql 3.23.9
oracle mysql 3.22
oracle mysql 3.23.41
redhat enterprise_linux_desktop 3.0
oracle mysql 3.23.44
suse suse_linux 8.0
oracle mysql 4.0.5
oracle mysql 3.23.32
oracle mysql 4.0.20
suse suse_linux 9.1
oracle mysql 3.23.4
oracle mysql 3.23.51
oracle mysql 3.23.54
trustix secure_linux 1.5
oracle mysql 3.23.8
oracle mysql 3.23.31
oracle mysql 3.23.34
oracle mysql 3.23.27
oracle mysql 3.23.36
oracle mysql 4.0.7
oracle mysql 3.23.30
oracle mysql 4.0.4
oracle mysql 3.23.40
oracle mysql 3.23.54a
redhat enterprise_linux 3.0
oracle mysql 3.23
oracle mysql 3.23.10
openpkg openpkg 2.2
oracle mysql 3.23.25
oracle mysql 3.23.52
oracle mysql 3.23.26
oracle mysql 3.22.30
oracle mysql 4.0.6
oracle mysql 3.23.53a
oracle mysql 4.0.18
oracle mysql 3.23.24
oracle mysql 4.0.0
trustix secure_linux 2.1
oracle mysql 3.23.49
oracle mysql 4.0.12
oracle mysql 3.22.32
ubuntu ubuntu_linux 4.1
oracle mysql 3.23.2
oracle mysql 3.23.3
oracle mysql 3.23.56
oracle mysql 4.0.15
oracle mysql 3.23.39
oracle mysql 4.0.2
oracle mysql 4.0.5a
openpkg openpkg 2.1
suse suse_linux 8.2
oracle mysql 3.23.50
oracle mysql 4.0.9
oracle mysql 3.23.29
suse suse_linux 9.0
oracle mysql 3.23.53
oracle mysql 3.20
oracle mysql 4.0.14

CVE-2004-0990 HIGH

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
gd_graphics_library gdlib 2.0.15
gd_graphics_library gdlib 1.8.4
trustix secure_linux 2.0
suse suse_linux 9.2
gd_graphics_library gdlib 2.0.22
trustix secure_linux 2.2
openpkg openpkg 2.2
suse suse_linux 8.1
gd_graphics_library gdlib 2.0.21
gd_graphics_library gdlib 2.0.20
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.28
openpkg openpkg current
gentoo linux *
trustix secure_linux 2.1
gd_graphics_library gdlib 2.0.27
suse suse_linux 8.0
openpkg openpkg 2.1
gd_graphics_library gdlib 2.0.1
suse suse_linux 8.2
suse suse_linux 9.1
gd_graphics_library gdlib 2.0.26
suse suse_linux 9.0
trustix secure_linux 1.5

CVE-2004-1011 HIGH

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
trustix secure_linux 2.1
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.2.4
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.9
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.1.10
redhat fedora_core core_3.0
conectiva linux 10.0
carnegie_mellon_university cyrus_imap_server 2.1.7

CVE-2004-1012 HIGH

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
trustix secure_linux 2.1
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.2.4
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.9
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.1.10
redhat fedora_core core_3.0
conectiva linux 10.0
carnegie_mellon_university cyrus_imap_server 2.1.7

CVE-2004-1013 HIGH

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.6
openpkg openpkg current
trustix secure_linux 2.1
conectiva linux 9.0
carnegie_mellon_university cyrus_imap_server 2.2.4
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.7
carnegie_mellon_university cyrus_imap_server 2.1.9
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
trustix secure_linux 2.2
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.1.10
redhat fedora_core core_3.0
conectiva linux 10.0
carnegie_mellon_university cyrus_imap_server 2.1.7

CVE-2004-1019 HIGH

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
php php 3.0.15
php php 4.2.0
php php 4.3.4
php php 5.0
php php 4.1.0
php php 4.2.3
php php 4.3.5
php php 4.0.4
php php 5.0.0
php php 3.0.3
php php 3.0.14
php php 3.0.8
trustix secure_linux 2.0
php php 3.0.9
php php 4.3.9
php php 3.0.6
php php 4.0.2
php php 3.0.10
openpkg openpkg current
php php 4.0.3
php php 3.0.16
php php 3.0.18
php php 5.0.1
php php 4.0
php php 3.0.2
php php 4.0.6
php php 3.0.13
php php 4.3.1
php php 4.0.7
php php 4.3.3
php php 4.1.2
php php 4.0.5
php php 4.2
php php 4.0.1
php php 4.3.0
php php 3.0.1
php php 4.3.2
php php 3.0.4
php php 3.0.12
php php 3.0.17
php php 4.3.6
trustix secure_linux 2.2
openpkg openpkg 2.2
php php 4.1.1
php php 3.0.11
php php 3.0.5
php php 3.0
trustix secure_linux 2.1
ubuntu ubuntu_linux 4.1
php php 3.0.7
php php 4.2.1
php php 5.0.2
php php 4.2.2
openpkg openpkg 2.1
php php 4.3.7
php php 4.3.8

CVE-2004-1065 HIGH

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
php php 3.0.15
php php 4.2.0
php php 4.3.4
php php 5.0
php php 4.1.0
php php 4.2.3
php php 4.3.5
php php 4.0.4
php php 5.0.0
php php 3.0.3
php php 3.0.14
php php 3.0.8
trustix secure_linux 2.0
php php 3.0.9
php php 4.3.9
php php 3.0.6
php php 4.0.2
php php 3.0.10
openpkg openpkg current
php php 4.0.3
php php 3.0.16
php php 3.0.18
php php 5.0.1
php php 4.0
php php 3.0.2
php php 4.0.6
php php 3.0.13
php php 4.3.1
php php 4.0.7
php php 4.3.3
php php 4.1.2
php php 4.0.5
php php 4.2
php php 4.0.1
php php 4.3.0
php php 3.0.1
php php 4.3.2
php php 3.0.4
php php 3.0.12
php php 3.0.17
php php 4.3.6
trustix secure_linux 2.2
openpkg openpkg 2.2
php php 4.1.1
php php 3.0.11
php php 3.0.5
php php 3.0
trustix secure_linux 2.1
ubuntu ubuntu_linux 4.1
php php 3.0.7
php php 4.2.1
php php 5.0.2
php php 4.2.2
openpkg openpkg 2.1
php php 4.3.7
php php 4.3.8

CVE-2004-1471 HIGH

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
sgi propack 2.4
freebsd freebsd 4.2
cvs cvs 1.11.2
cvs cvs 1.11.1
openpkg openpkg 2.0
cvs cvs 1.11.15
freebsd freebsd 5.0
freebsd freebsd 4.5
freebsd freebsd 2.0
freebsd freebsd 2.2.6
cvs cvs 1.12.8
freebsd freebsd 3.0
freebsd freebsd 4.0
cvs cvs 1.12.2
freebsd freebsd 3.4
cvs cvs 1.11.5
cvs cvs 1.11.6
freebsd freebsd 2.1.7.1
gentoo linux 1.4
openbsd openbsd 3.4
freebsd freebsd 5.2
openpkg openpkg current
freebsd freebsd 3.3
freebsd freebsd 4.4
cvs cvs 1.10.7
freebsd freebsd 2.1.6.1
cvs cvs 1.11.3
cvs cvs 1.12.7
cvs cvs 1.11.1_p1
freebsd freebsd 4.9
freebsd freebsd 2.2.4
freebsd freebsd 2.2.5
cvs cvs 1.10.8
freebsd freebsd 4.1.1
cvs cvs 1.11.16
openbsd openbsd 3.5
freebsd freebsd 3.5.1
freebsd freebsd 4.1
cvs cvs 1.12.1
freebsd freebsd 3.1
freebsd freebsd 4.6
freebsd freebsd 4.10
cvs cvs 1.11.11
freebsd freebsd 2.0.5
freebsd freebsd 2.1.0
openpkg openpkg 1.3
freebsd freebsd 2.2.3
freebsd freebsd 1.1.5.1
cvs cvs 1.11.14
freebsd freebsd 3.2
freebsd freebsd 2.2
cvs cvs 1.11.10
freebsd freebsd 4.8
freebsd freebsd 5.1
sgi propack 3.0
openbsd openbsd current
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6
freebsd freebsd 4.6.2
freebsd freebsd 2.2.8
cvs cvs 1.12.5
freebsd freebsd 4.7
freebsd freebsd 5.2.1
cvs cvs 1.11.4
freebsd freebsd 4.3
freebsd freebsd 2.2.2
freebsd freebsd 3.5
cvs cvs 1.11

CVE-2004-1997 MEDIUM

Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
kolab kolab_groupware_server 1.0.8
kolab kolab_groupware_server 1.0.5
kolab kolab_groupware_server 1.0.6
kolab kolab_groupware_server 1.0.3
kolab kolab_groupware_server 1.0.7
openpkg openpkg 2.0
kolab kolab_groupware_server 1.0
kolab kolab_groupware_server 1.0.1

CVE-2005-0373 HIGH

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apple mac_os_x 10.1.1
apple mac_os_x_server 10.3.6
apple mac_os_x_server 10.1.4
cyrus sasl 1.5.28
suse suse_linux 9.2
apple mac_os_x 10.1.4
apple mac_os_x_server 10.2.6
apple mac_os_x_server 10.2.3
cyrus sasl 2.1.11
suse suse_linux 8.1
apple mac_os_x_server 10.2
apple mac_os_x_server 10.3.4
apple mac_os_x 10.3.1
apple mac_os_x 10.2.5
apple mac_os_x 10.3.8
suse suse_cvsup 16.1h_36.i586
apple mac_os_x 10.2.6
cyrus sasl 1.5.24
apple mac_os_x 10.2.4
cyrus sasl 2.1.9
apple mac_os_x_server 10.2.7
apple mac_os_x_server 10.3.8
apple mac_os_x 10.0.1
apple mac_os_x 10.2.8
apple mac_os_x 10.3.7
cyrus sasl 2.1.10
apple mac_os_x_server 10.3.7
apple mac_os_x_server 10.3.2
apple mac_os_x 10.3
suse suse_linux 8.0
cyrus sasl 2.1.16
apple mac_os_x 10.3.2
suse suse_linux 9.1
apple mac_os_x 10.2.7
cyrus sasl 2.1.14
cyrus sasl 2.1.18_r1
apple mac_os_x_server 10.1.1
cyrus sasl 2.1.17
apple mac_os_x_server 10.1
apple mac_os_x 10.1.5
apple mac_os_x 10.0.3
conectiva linux 9.0
suse suse_linux 1.0
apple mac_os_x 10.2.2
apple mac_os_x_server 10.2.5
apple mac_os_x 10.3.6
apple mac_os_x 10.0
apple mac_os_x_server 10.3.3
apple mac_os_x 10.2
apple mac_os_x 10.1.3
openpkg openpkg 2.2
cyrus sasl 2.1.18
cyrus sasl 2.1.12
cyrus sasl 2.1.13
apple mac_os_x 10.1
cyrus sasl 1.5.27
apple mac_os_x_server 10.1.5
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.2.4
apple mac_os_x 10.0.4
apple mac_os_x_server 10.0
apple mac_os_x 10.2.1
apple mac_os_x 10.1.2
apple mac_os_x_server 10.3
apple mac_os_x 10.3.3
apple mac_os_x 10.3.5
apple mac_os_x 10.2.3
apple mac_os_x_server 10.1.3
apple mac_os_x_server 10.1.2
apple mac_os_x_server 10.2.8
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.3.1
apple mac_os_x_server 10.3.5
openpkg openpkg 2.1
suse suse_linux 8.2
apple mac_os_x 10.0.2
conectiva linux 10.0
apple mac_os_x 10.3.4
cyrus sasl 2.1.15
suse suse_linux 9.0
redhat fedora_core core_1.0