cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| ubuntu | ubuntu_linux | 4.10 |
| freebsd | freebsd | 2.1.0 |
| mandrakesoft | mandrake_linux | cs2.1 |
| mandrakesoft | mandrake_linux | 9.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| redhat | enterprise_linux | 4.0 |
| mandrakesoft | mandrake_linux | cs3.0 |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib2 | 1.0 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| sun | java_desktop_system | 2003 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.5.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib | 1.9.9 |
| turbolinux | turbolinux_server | 7.0 |
| imagemagick | imagemagick | 5.4.8 |
| redhat | fedora_core | core_3.0 |
| enlightenment | imlib | 1.9.11 |
| enlightenment | imlib | 1.9.14 |
| enlightenment | imlib | 1.9.5 |
| sun | java_desktop_system | 2.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.7 |
| conectiva | linux | 9.0 |
| mandrakesoft | mandrake_linux | 10.0 |
| conectiva | linux | 10.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| imagemagick | imagemagick | 5.4.3 |
| turbolinux | turbolinux_desktop | 10.0 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.8 |
| enlightenment | imlib | 1.9.4 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| redhat | fedora_core | core_2.0 |
| enlightenment | imlib2 | 1.0.1 |
| enlightenment | imlib2 | 1.0.2 |
| imagemagick | imagemagick | 6.0.2 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| enlightenment | imlib | 1.9.6 |
| enlightenment | imlib | 1.9.3 |
| suse | suse_linux | 9.2 |
| enlightenment | imlib2 | 1.0.4 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.13 |
| enlightenment | imlib2 | 1.0.3 |
| enlightenment | imlib2 | 1.0.5 |
| enlightenment | imlib | 1.9.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| enlightenment | imlib | 1.9 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib2 | 1.1.1 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | enterprise_linux | 2.1 |
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.2.9 |
| linux | linux_kernel | 2.2.7 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.2.24 |
| linux | linux_kernel | 2.4.9 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.2.25 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.2.2 |
| linux | linux_kernel | 2.2.20 |
| linux | linux_kernel | 2.2.0 |
| linux | linux_kernel | 2.2.14 |
| linux | linux_kernel | 2.2.17 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.2.12 |
| linux | linux_kernel | 2.4.24_ow1 |
| linux | linux_kernel | 2.2.10 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.2.15 |
| linux | linux_kernel | 2.2.1 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.2.18 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.2.23 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.2.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.2.16 |
| linux | linux_kernel | 2.2.15_pre20 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.2.11 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.2.13 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.2.19 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.2.22 |
| linux | linux_kernel | 2.2.21 |
| linux | linux_kernel | 2.2.3 |
| linux | linux_kernel | 2.6.5 |
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib2 | 1.0 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| sun | java_desktop_system | 2003 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.5.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib | 1.9.9 |
| turbolinux | turbolinux_server | 7.0 |
| imagemagick | imagemagick | 5.4.8 |
| redhat | fedora_core | core_3.0 |
| enlightenment | imlib | 1.9.11 |
| enlightenment | imlib | 1.9.14 |
| enlightenment | imlib | 1.9.5 |
| sun | java_desktop_system | 2.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.7 |
| conectiva | linux | 9.0 |
| mandrakesoft | mandrake_linux | 10.0 |
| conectiva | linux | 10.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| imagemagick | imagemagick | 5.4.3 |
| turbolinux | turbolinux_desktop | 10.0 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.8 |
| enlightenment | imlib | 1.9.4 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| redhat | fedora_core | core_2.0 |
| enlightenment | imlib2 | 1.0.1 |
| enlightenment | imlib2 | 1.0.2 |
| imagemagick | imagemagick | 6.0.2 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| enlightenment | imlib | 1.9.6 |
| enlightenment | imlib | 1.9.3 |
| suse | suse_linux | 9.2 |
| enlightenment | imlib2 | 1.0.4 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.13 |
| enlightenment | imlib2 | 1.0.3 |
| enlightenment | imlib2 | 1.0.5 |
| enlightenment | imlib | 1.9.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| enlightenment | imlib | 1.9 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib2 | 1.1.1 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | enterprise_linux | 2.1 |
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib2 | 1.0 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| turbolinux | turbolinux | workstation_8.0 |
| redhat | enterprise_linux | 3.0 |
| turbolinux | turbolinux | server_8.0 |
| redhat | linux_advanced_workstation | 2.1 |
| sun | java_desktop_system | 2003 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.5.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib | 1.9.9 |
| imagemagick | imagemagick | 5.4.8 |
| redhat | fedora_core | core_3.0 |
| enlightenment | imlib | 1.9.11 |
| enlightenment | imlib | 1.9.14 |
| enlightenment | imlib | 1.9.5 |
| sun | java_desktop_system | 2.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.7 |
| conectiva | linux | 9.0 |
| mandrakesoft | mandrake_linux | 10.0 |
| conectiva | linux | 10.0 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.8 |
| enlightenment | imlib | 1.9.4 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| redhat | fedora_core | core_2.0 |
| turbolinux | turbolinux | server_7.0 |
| enlightenment | imlib2 | 1.0.1 |
| enlightenment | imlib2 | 1.0.2 |
| imagemagick | imagemagick | 6.0.2 |
| turbolinux | turbolinux | workstation_7.0 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| enlightenment | imlib | 1.9.6 |
| enlightenment | imlib | 1.9.3 |
| suse | suse_linux | 9.2 |
| enlightenment | imlib2 | 1.0.4 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.13 |
| enlightenment | imlib2 | 1.0.3 |
| enlightenment | imlib2 | 1.0.5 |
| turbolinux | turbolinux | desktop_10.0 |
| enlightenment | imlib | 1.9.2 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| enlightenment | imlib | 1.9 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib2 | 1.1.1 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | enterprise_linux | 2.1 |
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| samba | samba | 3.0.2a |
| ubuntu | ubuntu_linux | 4.1 |
| conectiva | linux | 10.0 |
| samba | samba | 3.0.7 |
| samba | samba | 3.0.3 |
| samba | samba | 3.0.4 |
| samba | samba | 3.0.6 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | fedora_core | core_3.0 |
| samba | samba | 3.0.1 |
| samba | samba | 3.0.5 |
| redhat | fedora_core | core_2.0 |
| samba | samba | 3.0.0 |
| redhat | enterprise_linux | 2.1 |
| samba | samba | 3.0.2 |
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| trustix | secure_linux | 2.2 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.9 |
| redhat | enterprise_linux_desktop | 3.0 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.4.21 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 9.0 |
| trustix | secure_linux | 2.0 |
| linux | linux_kernel | 2.4.16 |
| redhat | fedora_core | core_3.0 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.24_ow1 |
| suse | suse_linux | 9.1 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| suse | suse_linux | 1.0 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.2 |
| redhat | fedora_core | core_2.0 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| trustix | secure_linux | 2.1 |
| suse | suse_linux | 9.2 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| trustix | secure_linux | 1.5 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
| redhat | enterprise_linux | 2.1 |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | koffice | 1.3_beta1 |
| tetex | tetex | 1.0.7 |
| easy_software_products | cups | 1.1.10 |
| pdftohtml | pdftohtml | 0.34 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 0.90 |
| easy_software_products | cups | 1.1.16 |
| pdftohtml | pdftohtml | 0.35 |
| redhat | enterprise_linux_desktop | 3.0 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.15 |
| kde | kde | 3.3 |
| kde | kde | 3.3.1 |
| easy_software_products | cups | 1.1.19 |
| xpdf | xpdf | 0.92 |
| kde | kde | 3.2 |
| kde | kpdf | 3.2 |
| easy_software_products | cups | 1.0.4 |
| kde | koffice | 1.3_beta2 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| easy_software_products | cups | 1.1.20 |
| suse | suse_linux | 9.0 |
| xpdf | xpdf | 2.3 |
| easy_software_products | cups | 1.1.13 |
| pdftohtml | pdftohtml | 0.36 |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.1.12 |
| easy_software_products | cups | 1.1.14 |
| debian | debian_linux | 3.0 |
| easy_software_products | cups | 1.1.19_rc5 |
| kde | koffice | 1.3.3 |
| easy_software_products | cups | 1.1.4 |
| pdftohtml | pdftohtml | 0.32a |
| suse | suse_linux | 9.1 |
| easy_software_products | cups | 1.1.4_2 |
| xpdf | xpdf | 2.1 |
| easy_software_products | cups | 1.1.7 |
| gentoo | linux | * |
| gnome | gpdf | 0.112 |
| easy_software_products | cups | 1.1.18 |
| gnome | gpdf | 0.131 |
| tetex | tetex | 2.0.2 |
| easy_software_products | cups | 1.1.6 |
| redhat | fedora_core | core_2.0 |
| kde | kde | 3.2.1 |
| kde | koffice | 1.3.1 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.2 |
| xpdf | xpdf | 0.93 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | koffice | 1.3_beta3 |
| pdftohtml | pdftohtml | 0.32b |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.0.4_8 |
| kde | koffice | 1.3.2 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| kde | koffice | 1.3 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 8.2 |
| easy_software_products | cups | 1.1.4_5 |
| kde | kde | 3.2.3 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 2.0 |
| redhat | enterprise_linux | 2.1 |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | koffice | 1.3_beta1 |
| tetex | tetex | 1.0.7 |
| easy_software_products | cups | 1.1.10 |
| pdftohtml | pdftohtml | 0.34 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 0.90 |
| easy_software_products | cups | 1.1.16 |
| pdftohtml | pdftohtml | 0.35 |
| redhat | enterprise_linux_desktop | 3.0 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.15 |
| kde | kde | 3.3 |
| kde | kde | 3.3.1 |
| easy_software_products | cups | 1.1.19 |
| xpdf | xpdf | 0.92 |
| kde | kde | 3.2 |
| kde | kpdf | 3.2 |
| easy_software_products | cups | 1.0.4 |
| kde | koffice | 1.3_beta2 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| easy_software_products | cups | 1.1.20 |
| suse | suse_linux | 9.0 |
| xpdf | xpdf | 2.3 |
| easy_software_products | cups | 1.1.13 |
| pdftohtml | pdftohtml | 0.36 |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.1.12 |
| easy_software_products | cups | 1.1.14 |
| debian | debian_linux | 3.0 |
| easy_software_products | cups | 1.1.19_rc5 |
| kde | koffice | 1.3.3 |
| easy_software_products | cups | 1.1.4 |
| pdftohtml | pdftohtml | 0.32a |
| suse | suse_linux | 9.1 |
| easy_software_products | cups | 1.1.4_2 |
| xpdf | xpdf | 2.1 |
| easy_software_products | cups | 1.1.7 |
| gentoo | linux | * |
| gnome | gpdf | 0.112 |
| easy_software_products | cups | 1.1.18 |
| gnome | gpdf | 0.131 |
| tetex | tetex | 2.0.2 |
| easy_software_products | cups | 1.1.6 |
| redhat | fedora_core | core_2.0 |
| kde | kde | 3.2.1 |
| kde | koffice | 1.3.1 |
| suse | suse_linux | 8.0 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.2 |
| xpdf | xpdf | 0.93 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | koffice | 1.3_beta3 |
| pdftohtml | pdftohtml | 0.32b |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.0.4_8 |
| kde | koffice | 1.3.2 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| kde | koffice | 1.3 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 8.2 |
| easy_software_products | cups | 1.1.4_5 |
| kde | kde | 3.2.3 |
| pdftohtml | pdftohtml | 0.33a |
| xpdf | xpdf | 2.0 |
| redhat | enterprise_linux | 2.1 |
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rob_flynn | gaim | 0.54 |
| rob_flynn | gaim | 0.78 |
| gentoo | linux | * |
| rob_flynn | gaim | 0.70 |
| rob_flynn | gaim | 1.0.1 |
| rob_flynn | gaim | 0.53 |
| rob_flynn | gaim | 0.74 |
| rob_flynn | gaim | 0.57 |
| rob_flynn | gaim | 0.63 |
| slackware | slackware_linux | 9.1 |
| slackware | slackware_linux | current |
| rob_flynn | gaim | 0.72 |
| rob_flynn | gaim | 0.68 |
| rob_flynn | gaim | 0.56 |
| rob_flynn | gaim | 0.61 |
| rob_flynn | gaim | 0.52 |
| rob_flynn | gaim | 0.59.1 |
| rob_flynn | gaim | 0.55 |
| rob_flynn | gaim | 0.10 |
| rob_flynn | gaim | 0.51 |
| rob_flynn | gaim | 0.67 |
| rob_flynn | gaim | 0.82 |
| slackware | slackware_linux | 10.0 |
| rob_flynn | gaim | 0.64 |
| ubuntu | ubuntu_linux | 4.1 |
| rob_flynn | gaim | 0.62 |
| gentoo | linux | 1.4 |
| rob_flynn | gaim | 0.50 |
| rob_flynn | gaim | 0.82.1 |
| rob_flynn | gaim | 0.69 |
| rob_flynn | gaim | 0.59 |
| rob_flynn | gaim | 0.73 |
| rob_flynn | gaim | 0.66 |
| slackware | slackware_linux | 9.0 |
| rob_flynn | gaim | 0.10.3 |
| rob_flynn | gaim | 0.75 |
| rob_flynn | gaim | 0.60 |
| rob_flynn | gaim | 0.58 |
| rob_flynn | gaim | 0.71 |
| rob_flynn | gaim | 1.0 |
| rob_flynn | gaim | 0.65 |
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| squid | squid | 2.0_patch2 |
| gentoo | linux | * |
| squid | squid | 2.4_.stable7 |
| squid | squid | 3.0_pre1 |
| squid | squid | 2.5_.stable3 |
| redhat | fedora_core | core_2.0 |
| squid | squid | 3.0_pre3 |
| squid | squid | 2.5_.stable1 |
| openpkg | openpkg | 2.2 |
| squid | squid | 2.5_.stable4 |
| trustix | secure_linux | 2.1 |
| squid | squid | 2.1_patch2 |
| squid | squid | 2.4_.stable6 |
| squid | squid | 2.3_.stable5 |
| openpkg | openpkg | 2.1 |
| ubuntu | ubuntu_linux | 4.1 |
| squid | squid | 2.5_.stable5 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 1.5 |
| squid | squid | 2.3_.stable4 |
| squid | squid | 2.4_.stable2 |
| squid | squid | 2.4 |
| openpkg | openpkg | current |
| squid | squid | 3.0_pre2 |
| squid | squid | 2.5_.stable6 |
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| trustix | secure_linux | 2.2 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.9 |
| redhat | enterprise_linux_desktop | 3.0 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.4.21 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 9.0 |
| trustix | secure_linux | 2.0 |
| linux | linux_kernel | 2.4.16 |
| redhat | fedora_core | core_3.0 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.24_ow1 |
| suse | suse_linux | 9.1 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| suse | suse_linux | 1.0 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.2 |
| redhat | fedora_core | core_2.0 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| trustix | secure_linux | 2.1 |
| suse | suse_linux | 9.2 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| trustix | secure_linux | 1.5 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
| redhat | enterprise_linux | 2.1 |
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.1 |
| oracle | mysql | 4.0.14 |
| oracle | mysql | 4.0.1 |
| oracle | mysql | 4.0.5a |
| oracle | mysql | 4.0.15 |
| oracle | mysql | 4.0.5 |
| oracle | mysql | 4.0.0 |
| oracle | mysql | 4.0.11 |
| oracle | mysql | 4.0.4 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 9.2 |
| oracle | mysql | 4.0.3 |
| oracle | mysql | 4.0.13 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.0 |
| ubuntu | ubuntu_linux | 4.1 |
| oracle | mysql | 4.0.9 |
| oracle | mysql | 4.0.18 |
| oracle | mysql | 4.0.7 |
| oracle | mysql | 4.0.8 |
| oracle | mysql | 4.0.20 |
| suse | suse_linux | 8.2 |
| oracle | mysql | 4.0.10 |
| oracle | mysql | 4.0.12 |
| oracle | mysql | 4.0.6 |
| oracle | mysql | 4.0.2 |
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | mysql | 3.23.56 |
| oracle | mysql | 3.23.54 |
| oracle | mysql | 3.22.28 |
| oracle | mysql | 3.23.4 |
| oracle | mysql | 3.23.8 |
| oracle | mysql | 3.23.49 |
| oracle | mysql | 3.23.50 |
| oracle | mysql | 3.23.54a |
| redhat | enterprise_linux_desktop | 3.0 |
| oracle | mysql | 3.23.43 |
| oracle | mysql | 3.20 |
| oracle | mysql | 4.0.15 |
| oracle | mysql | 4.0.0 |
| oracle | mysql | 3.23.39 |
| oracle | mysql | 4.0.11 |
| oracle | mysql | 3.23.10 |
| oracle | mysql | 4.0.4 |
| openpkg | openpkg | 2.2 |
| oracle | mysql | 3.22.30 |
| oracle | mysql | 3.23.2 |
| oracle | mysql | 3.23.52 |
| oracle | mysql | 3.22.32 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux | 9.0 |
| oracle | mysql | 3.23.25 |
| trustix | secure_linux | 2.0 |
| oracle | mysql | 3.23.29 |
| oracle | mysql | 3.23.36 |
| oracle | mysql | 4.0.7 |
| oracle | mysql | 3.23.53a |
| oracle | mysql | 3.22.27 |
| oracle | mysql | 3.23.32 |
| oracle | mysql | 3.23.44 |
| oracle | mysql | 3.23.48 |
| oracle | mysql | 4.0.8 |
| oracle | mysql | 3.23.46 |
| openpkg | openpkg | current |
| oracle | mysql | 4.0.10 |
| oracle | mysql | 3.23.24 |
| oracle | mysql | 4.0.12 |
| oracle | mysql | 4.0.6 |
| oracle | mysql | 4.0.2 |
| suse | suse_linux | 9.1 |
| oracle | mysql | 3.23.34 |
| oracle | mysql | 3.23.40 |
| oracle | mysql | 3.23.53 |
| oracle | mysql | 3.23.22 |
| oracle | mysql | 4.0.14 |
| oracle | mysql | 3.22.26 |
| oracle | mysql | 3.23.42 |
| oracle | mysql | 3.23.47 |
| oracle | mysql | 3.23.30 |
| oracle | mysql | 3.23.58 |
| oracle | mysql | 3.23.26 |
| oracle | mysql | 4.0.1 |
| oracle | mysql | 4.0.5a |
| oracle | mysql | 4.0.5 |
| oracle | mysql | 3.23.31 |
| suse | suse_linux | 8.0 |
| oracle | mysql | 3.23.38 |
| trustix | secure_linux | 2.1 |
| oracle | mysql | 3.23.9 |
| oracle | mysql | 3.23.51 |
| suse | suse_linux | 9.2 |
| oracle | mysql | 4.0.3 |
| oracle | mysql | 4.0.13 |
| openpkg | openpkg | 2.1 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| oracle | mysql | 3.23.45 |
| oracle | mysql | 4.0.9 |
| trustix | secure_linux | 1.5 |
| oracle | mysql | 4.0.18 |
| oracle | mysql | 3.23.59 |
| oracle | mysql | 3.22 |
| oracle | mysql | 3.23.3 |
| oracle | mysql | 4.0.20 |
| oracle | mysql | 3.20.32a |
| oracle | mysql | 3.23.41 |
| oracle | mysql | 3.23.37 |
| oracle | mysql | 3.23 |
| oracle | mysql | 3.22.29 |
| oracle | mysql | 3.23.5 |
| suse | suse_linux | 8.2 |
| oracle | mysql | 3.23.27 |
| oracle | mysql | 3.23.28 |
| oracle | mysql | 3.23.55 |
| oracle | mysql | 3.21 |
| oracle | mysql | 3.23.33 |
| oracle | mysql | 3.23.23 |
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 4.1 |
| gnu | gettext | 0.14.1 |
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gentoo | linux | * |
| ubuntu | ubuntu_linux | 4.1 |
| gnu | groff | 1.19 |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| gentoo | linux | * |
| ubuntu | ubuntu_linux | 4.1 |
| mandrakesoft | mandrake_linux | 9.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| yukihiro_matsumoto | ruby | 1.8.1 |
| yukihiro_matsumoto | ruby | 1.8 |
| yukihiro_matsumoto | ruby | 1.8.2_pre2 |
| yukihiro_matsumoto | ruby | 1.6.7 |
| yukihiro_matsumoto | ruby | 1.6 |
| yukihiro_matsumoto | ruby | 1.8.2_pre1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xmlsoft | libxml2 | 2.6.11 |
| ubuntu | ubuntu_linux | 4.1 |
| xmlsoft | libxml2 | 2.6.9 |
| xmlsoft | libxml2 | 2.6.13 |
| trustix | secure_linux | 2.0 |
| xmlsoft | libxml2 | 2.6.12 |
| xmlsoft | libxml2 | 2.5.11 |
| xmlsoft | libxml2 | 2.6.6 |
| xmlsoft | libxml2 | 2.6.7 |
| xmlsoft | libxml2 | 2.6.14 |
| redhat | fedora_core | core_2.0 |
| xmlsoft | libxml | 1.8.17 |
| xmlsoft | libxml2 | 2.6.8 |
| xmlstarlet | command_line_xml_toolkit | 0.9.1 |
| trustix | secure_linux | 2.1 |
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | email_filter | 0.9.0.4 |
| ubuntu | ubuntu_linux | 4.1 |
| bogofilter | email_filter | 0.9.0.3 |
| bogofilter | email_filter | 0.92 |
| bogofilter | email_filter | 0.9.0.5 |
| bogofilter | email_filter | 0.92.4 |
| bogofilter | email_filter | 0.92.6 |
| bogofilter | email_filter | 0.92.7 |
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 |
| conectiva | linux | 9.0 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 |
| conectiva | linux | 10.0 |
| trustix | secure_linux | 2.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 |
| redhat | fedora_core | core_3.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta |
| redhat | fedora_core | core_2.0 |
| openpkg | openpkg | current |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 |
| trustix | secure_linux | 2.1 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 |
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 |
| conectiva | linux | 9.0 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 |
| conectiva | linux | 10.0 |
| trustix | secure_linux | 2.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 |
| redhat | fedora_core | core_3.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta |
| redhat | fedora_core | core_2.0 |
| openpkg | openpkg | current |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 |
| trustix | secure_linux | 2.1 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 |
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 |
| conectiva | linux | 9.0 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.2 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 |
| conectiva | linux | 10.0 |
| trustix | secure_linux | 2.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 |
| redhat | fedora_core | core_3.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta |
| redhat | fedora_core | core_2.0 |
| openpkg | openpkg | current |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 |
| trustix | secure_linux | 2.1 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 |
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.0.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 |
| carnegie_mellon_university | cyrus_imap_server | 1.5.19 |
| ubuntu | ubuntu_linux | 4.1 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 |
| carnegie_mellon_university | cyrus_imap_server | 2.0.12 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 |
| redhat | fedora_core | core_3.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta |
| redhat | fedora_core | core_2.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 |
| carnegie_mellon_university | cyrus_imap_server | 1.4 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.9 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 |
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.9 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.4.21 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.4.24_ow1 |
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php | php | 3.0.5 |
| php | php | 3.0.15 |
| php | php | 4.1.2 |
| php | php | 4.2.1 |
| php | php | 4.3.7 |
| php | php | 3.0.4 |
| php | php | 4.3.0 |
| trustix | secure_linux | 2.2 |
| php | php | 4.2 |
| php | php | 4.2.3 |
| php | php | 3.0.8 |
| php | php | 3.0.11 |
| php | php | 4.2.2 |
| php | php | 3.0.3 |
| php | php | 4.3.5 |
| php | php | 5.0.0 |
| php | php | 4.3.8 |
| openpkg | openpkg | 2.2 |
| php | php | 3.0.18 |
| php | php | 3.0.1 |
| trustix | secure_linux | 2.0 |
| php | php | 3.0.2 |
| php | php | 3.0.7 |
| php | php | 3.0.9 |
| openpkg | openpkg | current |
| php | php | 4.3.2 |
| php | php | 4.0.5 |
| php | php | 3.0.6 |
| php | php | 3.0.10 |
| php | php | 4.0.3 |
| php | php | 4.3.6 |
| php | php | 4.0.4 |
| php | php | 4.3.1 |
| php | php | 3.0.17 |
| php | php | 4.0.1 |
| php | php | 4.0.7 |
| php | php | 4.0.2 |
| php | php | 4.3.3 |
| php | php | 4.3.4 |
| php | php | 5.0.2 |
| php | php | 3.0.12 |
| php | php | 3.0.13 |
| php | php | 5.0 |
| php | php | 3.0 |
| trustix | secure_linux | 2.1 |
| php | php | 4.1.0 |
| php | php | 4.3.9 |
| php | php | 4.0 |
| php | php | 4.2.0 |
| openpkg | openpkg | 2.1 |
| ubuntu | ubuntu_linux | 4.1 |
| php | php | 3.0.16 |
| php | php | 4.1.1 |
| php | php | 4.0.6 |
| php | php | 5.0.1 |
| php | php | 3.0.14 |
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| todd_miller | sudo | 1.6.5 |
| trustix | secure_linux | 2.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| todd_miller | sudo | 1.6.3_p7 |
| todd_miller | sudo | 1.6.8 |
| todd_miller | sudo | 1.5.7 |
| todd_miller | sudo | 1.6.3_p2 |
| todd_miller | sudo | 1.6.3_p4 |
| todd_miller | sudo | 1.5.8 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| todd_miller | sudo | 1.6.3_p3 |
| trustix | secure_linux | 2.1 |
| todd_miller | sudo | 1.6.6 |
| todd_miller | sudo | 1.5.9 |
| todd_miller | sudo | 1.6 |
| todd_miller | sudo | 1.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| mandrakesoft | mandrake_linux | 9.2 |
| todd_miller | sudo | 1.6.2 |
| todd_miller | sudo | 1.6.3_p6 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 1.5 |
| todd_miller | sudo | 1.6.3_p5 |
| todd_miller | sudo | 1.6.5_p1 |
| todd_miller | sudo | 1.6.4_p1 |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| todd_miller | sudo | 1.6.1 |
| debian | debian_linux | 3.0 |
| todd_miller | sudo | 1.5.6 |
| todd_miller | sudo | 1.6.3_p1 |
| todd_miller | sudo | 1.6.8_p1 |
| todd_miller | sudo | 1.6.5_p2 |
| todd_miller | sudo | 1.6.4 |
| todd_miller | sudo | 1.6.3 |
| todd_miller | sudo | 1.6.4_p2 |
Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.5 |
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.5 |
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php | php | 3.0.5 |
| php | php | 3.0.15 |
| php | php | 4.1.2 |
| php | php | 4.2.1 |
| php | php | 4.3.7 |
| php | php | 3.0.4 |
| php | php | 4.3.0 |
| trustix | secure_linux | 2.2 |
| php | php | 4.2 |
| php | php | 4.2.3 |
| php | php | 3.0.8 |
| php | php | 3.0.11 |
| php | php | 4.2.2 |
| php | php | 3.0.3 |
| php | php | 4.3.5 |
| php | php | 5.0.0 |
| php | php | 4.3.8 |
| openpkg | openpkg | 2.2 |
| php | php | 3.0.18 |
| php | php | 3.0.1 |
| trustix | secure_linux | 2.0 |
| php | php | 3.0.2 |
| php | php | 3.0.7 |
| php | php | 3.0.9 |
| openpkg | openpkg | current |
| php | php | 4.3.2 |
| php | php | 4.0.5 |
| php | php | 3.0.6 |
| php | php | 3.0.10 |
| php | php | 4.0.3 |
| php | php | 4.3.6 |
| php | php | 4.0.4 |
| php | php | 4.3.1 |
| php | php | 3.0.17 |
| php | php | 4.0.1 |
| php | php | 4.0.7 |
| php | php | 4.0.2 |
| php | php | 4.3.3 |
| php | php | 4.3.4 |
| php | php | 5.0.2 |
| php | php | 3.0.12 |
| php | php | 3.0.13 |
| php | php | 5.0 |
| php | php | 3.0 |
| trustix | secure_linux | 2.1 |
| php | php | 4.1.0 |
| php | php | 4.3.9 |
| php | php | 4.0 |
| php | php | 4.2.0 |
| openpkg | openpkg | 2.1 |
| ubuntu | ubuntu_linux | 4.1 |
| php | php | 3.0.16 |
| php | php | 4.1.1 |
| php | php | 4.0.6 |
| php | php | 5.0.1 |
| php | php | 3.0.14 |
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.0.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 |
| carnegie_mellon_university | cyrus_imap_server | 1.5.19 |
| ubuntu | ubuntu_linux | 4.1 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 |
| carnegie_mellon_university | cyrus_imap_server | 2.0.12 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 |
| redhat | fedora_core | core_3.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta |
| redhat | fedora_core | core_2.0 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 |
| carnegie_mellon_university | cyrus_imap_server | 1.4 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 |
| carnegie_mellon_university | cyrus_imap_server | 2.2.9 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 |
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.9 |
| redhat | enterprise_linux_desktop | 3.0 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.4.21 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.4.24_ow1 |
| redhat | enterprise_linux | 2.1 |
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.5 |
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.9 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.4.21 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.4.24_ow1 |
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.5 |
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.4.29 |
| avaya | s8710 | r2.0.0 |
| redhat | enterprise_linux | 4.0 |
| avaya | s8300 | r2.0.1 |
| linux | linux_kernel | 2.4.14 |
| avaya | network_routing | * |
| redhat | fedora_core | core_1.0 |
| linux | linux_kernel | 2.4.9 |
| redhat | enterprise_linux_desktop | 3.0 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.6.10 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| linux | linux_kernel | 2.4.20 |
| redhat | linux | 7.3 |
| linux | linux_kernel | 2.6.9 |
| avaya | s8500 | r2.0.1 |
| avaya | converged_communications_server | 2.0 |
| linux | linux_kernel | 2.4.21 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux | 9.0 |
| mandrakesoft | mandrake_linux | 9.2 |
| redhat | linux | 9.0 |
| avaya | modular_messaging_message_storage_server | 1.1 |
| avaya | mn100 | * |
| linux | linux_kernel | 2.4.16 |
| redhat | fedora_core | core_3.0 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.24_ow1 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 8 |
| linux | linux_kernel | 2.4.19 |
| conectiva | linux | 10.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| linux | linux_kernel | 2.4.18 |
| suse | suse_linux | 1.0 |
| avaya | s8300 | r2.0.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.4.2 |
| redhat | fedora_core | core_2.0 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| avaya | s8710 | r2.0.1 |
| suse | suse_linux | 9.2 |
| avaya | s8500 | r2.0.0 |
| suse | suse_linux | 8.1 |
| ubuntu | ubuntu_linux | 4.1 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| linux | linux_kernel | 2.4.0 |
| avaya | intuity_audix | * |
| avaya | modular_messaging_message_storage_server | 2.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.6_test9_cvs |
| avaya | s8700 | r2.0.1 |
| avaya | s8700 | r2.0.0 |
| suse | suse_linux | 8.2 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 4.1 |
| conectiva | linux | 10.0 |
| gnu | realtime_linux_security_module | 0.8.7 |
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 4.10 |
| gentoo | linux | * |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| redhat | enterprise_linux | 4.0 |
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 4.10 |
| gnu | mailman | 2.1.5 |
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 5.04 |
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 5.3 |
| freebsd | freebsd | 4.8 |
| freebsd | freebsd | 4.9 |
| sun | solaris | 9.0 |
| redhat | enterprise_linux | 4.0 |
| freebsd | freebsd | 1.1.5.1 |
| freebsd | freebsd | 4.2 |
| freebsd | freebsd | 3.5 |
| freebsd | freebsd | 3.3 |
| freebsd | freebsd | 5.4 |
| redhat | enterprise_linux_desktop | 3.0 |
| freebsd | freebsd | 3.1 |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 3.2 |
| freebsd | freebsd | 5.1 |
| freebsd | freebsd | 4.1 |
| sun | solaris | 7.0 |
| freebsd | freebsd | 2.2.2 |
| freebsd | freebsd | 3.5.1 |
| sco | unixware | 7.1.4 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.2.3 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 3.0 |
| freebsd | freebsd | 2.2.6 |
| freebsd | freebsd | 4.3 |
| freebsd | freebsd | 5.0 |
| redhat | fedora_core | core_3.0 |
| freebsd | freebsd | 2.2 |
| freebsd | freebsd | 4.5 |
| freebsd | freebsd | 5.2.1 |
| sco | openserver | 5.0.7 |
| freebsd | freebsd | 4.6 |
| freebsd | freebsd | 4.1.1 |
| sco | unixware | 7.1.3_up |
| freebsd | freebsd | 2.2.5 |
| sun | solaris | 10.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| freebsd | freebsd | 4.4 |
| freebsd | freebsd | 2.1.6.1 |
| freebsd | freebsd | 4.7 |
| sun | solaris | 8.0 |
| freebsd | freebsd | 2.2.4 |
| freebsd | freebsd | 2.2.8 |
| freebsd | freebsd | 2.1.7.1 |
| freebsd | freebsd | 5.2 |
| freebsd | freebsd | 2.0 |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 2.1.0 |
| ubuntu | ubuntu_linux | 4.1 |
| freebsd | freebsd | 2.1.6 |
| freebsd | freebsd | 4.10 |
| freebsd | freebsd | 4.11 |
| ubuntu | ubuntu_linux | 5.04 |
| freebsd | freebsd | 2.1.5 |
| sco | unixware | 7.1.3 |
| redhat | enterprise_linux | 2.1 |
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.1 |
| larry_wall | perl | 5.8.1 |
| trustix | secure_linux | 2.2 |
| larry_wall | perl | 5.8.4.3 |
| redhat | enterprise_linux_desktop | 3.0 |
| larry_wall | perl | 5.8.4.1 |
| suse | suse_linux | 8.0 |
| trustix | secure_linux | 2.1 |
| larry_wall | perl | 5.8.4.5 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.0 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.0 |
| trustix | secure_linux | 1.5 |
| sgi | propack | 3.0 |
| larry_wall | perl | 5.8.4.2.3 |
| larry_wall | perl | 5.8.4.2 |
| larry_wall | perl | 5.8.4 |
| larry_wall | perl | 5.8.4.4 |
| redhat | fedora_core | core_3.0 |
| suse | suse_linux | 8.2 |
| larry_wall | perl | 5.8.0 |
| larry_wall | perl | 5.8.3 |
| ibm | aix | 5.3 |
| ibm | aix | 5.2 |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | koffice | 1.3_beta1 |
| easy_software_products | cups | 1.1.10 |
| pdftohtml | pdftohtml | 0.34 |
| pdftohtml | pdftohtml | 0.33 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 0.90 |
| easy_software_products | cups | 1.1.16 |
| pdftohtml | pdftohtml | 0.35 |
| redhat | fedora_core | core_1.0 |
| easy_software_products | cups | 1.1.15 |
| kde | kde | 3.3 |
| suse | suse_linux | 6.2 |
| easy_software_products | cups | 1.1.19 |
| ascii | ptex | 3.1.4 |
| kde | kde | 3.2 |
| redhat | enterprise_linux | 3.0 |
| easy_software_products | cups | 1.1.20 |
| suse | suse_linux | 7.0 |
| xpdf | xpdf | 2.3 |
| pdftohtml | pdftohtml | 0.36 |
| easy_software_products | cups | 1.1.12 |
| debian | debian_linux | 3.0 |
| suse | suse_linux | 6.3 |
| tetex | tetex | 1.0.6 |
| suse | suse_linux | 4.0 |
| suse | suse_linux | 6.1 |
| pdftohtml | pdftohtml | 0.32a |
| suse | suse_linux | 4.3 |
| easy_software_products | cups | 1.1.7 |
| gentoo | linux | * |
| suse | suse_linux | 7.1 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| tetex | tetex | 2.0.2 |
| redhat | fedora_core | core_2.0 |
| kde | kde | 3.2.1 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 4.4.1 |
| suse | suse_linux | 5.3 |
| easy_software_products | cups | 1.1.17 |
| xpdf | xpdf | 0.91 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.2 |
| suse | suse_linux | 7.3 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | koffice | 1.3_beta3 |
| suse | suse_linux | 5.0 |
| easy_software_products | cups | 1.0.4_8 |
| easy_software_products | cups | 1.1.1 |
| xpdf | xpdf | 1.0a |
| redhat | enterprise_linux | 2.1 |
| tetex | tetex | 1.0.7 |
| redhat | enterprise_linux_desktop | 3.0 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 1.1 |
| kde | kde | 3.3.1 |
| suse | suse_linux | 4.4 |
| xpdf | xpdf | 0.92 |
| kde | kpdf | 3.2 |
| easy_software_products | cups | 1.0.4 |
| kde | koffice | 1.3_beta2 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 9.0 |
| redhat | linux | 9.0 |
| sgi | propack | 3.0 |
| easy_software_products | cups | 1.1.13 |
| sgi | advanced_linux_environment | 3.0 |
| tetex | tetex | 2.0.1 |
| redhat | fedora_core | core_3.0 |
| easy_software_products | cups | 1.1.14 |
| easy_software_products | cups | 1.1.19_rc5 |
| kde | koffice | 1.3.3 |
| suse | suse_linux | 2.0 |
| suse | suse_linux | 6.0 |
| easy_software_products | cups | 1.1.4 |
| suse | suse_linux | 9.1 |
| easy_software_products | cups | 1.1.4_2 |
| xpdf | xpdf | 2.1 |
| suse | suse_linux | 1.0 |
| gnome | gpdf | 0.112 |
| easy_software_products | cups | 1.1.18 |
| gnome | gpdf | 0.131 |
| suse | suse_linux | 3.0 |
| easy_software_products | cups | 1.1.6 |
| kde | koffice | 1.3.1 |
| xpdf | xpdf | 0.93 |
| suse | suse_linux | 8.1 |
| gnome | gpdf | 0.110 |
| suse | suse_linux | 7.2 |
| cstex | cstetex | 2.0.2 |
| suse | suse_linux | 5.2 |
| pdftohtml | pdftohtml | 0.32b |
| xpdf | xpdf | 3.0 |
| kde | koffice | 1.3.2 |
| suse | suse_linux | 6.4 |
| kde | koffice | 1.3 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 8.2 |
| easy_software_products | cups | 1.1.4_5 |
| kde | kde | 3.2.3 |
| pdftohtml | pdftohtml | 0.33a |
| suse | suse_linux | 4.2 |
| suse | suse_linux | 5.1 |
| xpdf | xpdf | 2.0 |
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.1 |
| suse | suse_linux | 9.2 |
| ubuntu | ubuntu_linux | 4.10 |
| suse | suse_linux | 9.0 |
| trustix | secure_linux | 2.2 |
| suse | suse_linux | 8.2 |
| trustix | secure_linux | 2 |
| trustix | secure_linux | 2.1 |
| redhat | enterprise_linux | 2.1 |
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.4.29 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.4.19 |
| conectiva | linux | 10.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| linux | linux_kernel | 2.4.18 |
| suse | suse_linux | 1.0 |
| redhat | enterprise_linux | 4.0 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.4.22 |
| redhat | fedora_core | core_1.0 |
| linux | linux_kernel | 2.4.9 |
| redhat | fedora_core | core_2.0 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.11 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.4.20 |
| redhat | linux | 7.3 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.2 |
| suse | suse_linux | 9.3 |
| linux | linux_kernel | 2.4.21 |
| ubuntu | ubuntu_linux | 4.1 |
| redhat | linux | 9.0 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.16 |
| redhat | fedora_core | core_3.0 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.4.8 |
| linux | linux_kernel | 2.6.5 |
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| conectiva | linux | 9.0 |
| gentoo | linux | * |
| ubuntu | ubuntu_linux | 4.1 |
| conectiva | linux | 10.0 |
| kde | quanta | 3.1 |
| redhat | fedora_core | core_3.0 |
| kde | kde | 3.4 |
| kde | kde | 3.2.1 |
| kde | kde | 3.3 |
| kde | kde | 3.3.1 |
| kde | kde | 3.2.3 |
| ubuntu | ubuntu_linux | 5.04 |
| kde | kde | 3.2 |
| kde | kde | 3.3.2 |
| kde | kde | 3.2.2 |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 5.3 |
| gentoo | linux | * |
| trustix | secure_linux | 2.2 |
| freebsd | freebsd | 4.8 |
| redhat | enterprise_linux_desktop | 4.0 |
| freebsd | freebsd | 4.4 |
| freebsd | freebsd | 4.9 |
| redhat | enterprise_linux | 4.0 |
| freebsd | freebsd | 4.2 |
| turbolinux | turbolinux_workstation | 8.0 |
| freebsd | freebsd | 4.7 |
| turbolinux | turbolinux_desktop | 10.0 |
| gnu | gzip | 1.2.4 |
| freebsd | freebsd | 5.4 |
| redhat | enterprise_linux_desktop | 3.0 |
| freebsd | freebsd | 5.1 |
| freebsd | freebsd | 5.2 |
| freebsd | freebsd | 4.1 |
| trustix | secure_linux | 2.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup |
| freebsd | freebsd | 4.0 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| gnu | gzip | 1.3.3 |
| ubuntu | ubuntu_linux | 4.1 |
| trustix | secure_linux | 2.0 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 4.10 |
| turbolinux | turbolinux_server | 7.0 |
| freebsd | freebsd | 4.3 |
| freebsd | freebsd | 5.0 |
| turbolinux | turbolinux_server | 10.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting |
| gnu | gzip | 1.2.4a |
| freebsd | freebsd | 4.11 |
| turbolinux | turbolinux_workstation | 7.0 |
| freebsd | freebsd | 4.5 |
| freebsd | freebsd | 5.2.1 |
| turbolinux | turbolinux_home | * |
| freebsd | freebsd | 4.6 |
| ubuntu | ubuntu_linux | 5.04 |
| freebsd | freebsd | 4.1.1 |
| redhat | enterprise_linux | 2.1 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tetex | tetex | 1.0.7 |
| kde | kdegraphics | 3.2 |
| slackware | slackware_linux | 10.1 |
| trustix | secure_linux | 2.2 |
| kde | koffice | 1.4 |
| redhat | enterprise_linux | 4.0 |
| debian | debian_linux | 3.1 |
| turbolinux | turbolinux | fuji |
| mandrakesoft | mandrake_linux | 2006 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.1 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| kde | kpdf | 3.4.3 |
| redhat | linux | 7.3 |
| suse | suse_linux | 9.3 |
| kde | kpdf | 3.2 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | linux | 9.0 |
| trustix | secure_linux | 2.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| sgi | propack | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| turbolinux | turbolinux_multimedia | * |
| libextractor | libextractor | * |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.1.22 |
| turbolinux | turbolinux_server | 10.0 |
| redhat | fedora_core | core_3.0 |
| debian | debian_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.4.3 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23_rc1 |
| trustix | secure_linux | 3.0 |
| gentoo | linux | * |
| conectiva | linux | 10.0 |
| easy_software_products | cups | 1.1.23 |
| redhat | enterprise_linux_desktop | 4.0 |
| suse | suse_linux | 1.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| tetex | tetex | 2.0.2 |
| turbolinux | turbolinux_personal | * |
| redhat | fedora_core | core_2.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.1 |
| redhat | fedora_core | core_4.0 |
| slackware | slackware_linux | 10.2 |
| suse | suse_linux | 9.2 |
| slackware | slackware_linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.22_rc1 |
| xpdf | xpdf | 3.0 |
| turbolinux | turbolinux | 10 |
| kde | koffice | 1.4.2 |
| kde | kword | 1.4.2 |
| slackware | slackware_linux | 9.0 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 10.0 |
| tetex | tetex | 3.0 |
| ubuntu | ubuntu_linux | 5.10 |
| ubuntu | ubuntu_linux | 5.04 |
| turbolinux | turbolinux_server | 10.0_x86 |
| redhat | enterprise_linux | 2.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tetex | tetex | 1.0.7 |
| kde | kdegraphics | 3.2 |
| slackware | slackware_linux | 10.1 |
| trustix | secure_linux | 2.2 |
| kde | koffice | 1.4 |
| redhat | enterprise_linux | 4.0 |
| debian | debian_linux | 3.1 |
| turbolinux | turbolinux | fuji |
| mandrakesoft | mandrake_linux | 2006 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.1 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| kde | kpdf | 3.4.3 |
| redhat | linux | 7.3 |
| suse | suse_linux | 9.3 |
| kde | kpdf | 3.2 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | linux | 9.0 |
| trustix | secure_linux | 2.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| sgi | propack | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| turbolinux | turbolinux_multimedia | * |
| libextractor | libextractor | * |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.1.22 |
| turbolinux | turbolinux_server | 10.0 |
| redhat | fedora_core | core_3.0 |
| debian | debian_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.4.3 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23_rc1 |
| trustix | secure_linux | 3.0 |
| gentoo | linux | * |
| conectiva | linux | 10.0 |
| easy_software_products | cups | 1.1.23 |
| redhat | enterprise_linux_desktop | 4.0 |
| suse | suse_linux | 1.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| tetex | tetex | 2.0.2 |
| turbolinux | turbolinux_personal | * |
| redhat | fedora_core | core_2.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.1 |
| redhat | fedora_core | core_4.0 |
| slackware | slackware_linux | 10.2 |
| suse | suse_linux | 9.2 |
| slackware | slackware_linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.22_rc1 |
| xpdf | xpdf | 3.0 |
| turbolinux | turbolinux | 10 |
| kde | koffice | 1.4.2 |
| kde | kword | 1.4.2 |
| slackware | slackware_linux | 9.0 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 10.0 |
| tetex | tetex | 3.0 |
| ubuntu | ubuntu_linux | 5.10 |
| ubuntu | ubuntu_linux | 5.04 |
| turbolinux | turbolinux_server | 10.0_x86 |
| redhat | enterprise_linux | 2.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tetex | tetex | 1.0.7 |
| kde | kdegraphics | 3.2 |
| slackware | slackware_linux | 10.1 |
| trustix | secure_linux | 2.2 |
| kde | koffice | 1.4 |
| redhat | enterprise_linux | 4.0 |
| debian | debian_linux | 3.1 |
| turbolinux | turbolinux | fuji |
| mandrakesoft | mandrake_linux | 2006 |
| redhat | fedora_core | core_1.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| slackware | slackware_linux | 9.1 |
| poppler | poppler | 0.4.2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| kde | kpdf | 3.4.3 |
| redhat | linux | 7.3 |
| suse | suse_linux | 9.3 |
| kde | kpdf | 3.2 |
| redhat | enterprise_linux | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | linux | 9.0 |
| trustix | secure_linux | 2.0 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| sgi | propack | 3.0 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| turbolinux | turbolinux_multimedia | * |
| libextractor | libextractor | * |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.1.22 |
| turbolinux | turbolinux_server | 10.0 |
| redhat | fedora_core | core_3.0 |
| debian | debian_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| sco | openserver | 5.0.7 |
| kde | kdegraphics | 3.4.3 |
| suse | suse_linux | 9.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23_rc1 |
| trustix | secure_linux | 3.0 |
| gentoo | linux | * |
| conectiva | linux | 10.0 |
| easy_software_products | cups | 1.1.23 |
| redhat | enterprise_linux_desktop | 4.0 |
| suse | suse_linux | 1.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| sco | openserver | 6.0 |
| turbolinux | turbolinux_desktop | 10.0 |
| tetex | tetex | 2.0.2 |
| turbolinux | turbolinux_personal | * |
| redhat | fedora_core | core_2.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| kde | koffice | 1.4.1 |
| redhat | fedora_core | core_4.0 |
| slackware | slackware_linux | 10.2 |
| suse | suse_linux | 9.2 |
| slackware | slackware_linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.22_rc1 |
| xpdf | xpdf | 3.0 |
| turbolinux | turbolinux | 10 |
| kde | koffice | 1.4.2 |
| kde | kword | 1.4.2 |
| slackware | slackware_linux | 9.0 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 10.0 |
| tetex | tetex | 3.0 |
| ubuntu | ubuntu_linux | 5.10 |
| ubuntu | ubuntu_linux | 5.04 |
| turbolinux | turbolinux_server | 10.0_x86 |
| redhat | enterprise_linux | 2.1 |
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| todd_miller | sudo | 1.6.5 |
| todd_miller | sudo | 1.6.7_p5 |
| todd_miller | sudo | 1.6.8_p12 |
| todd_miller | sudo | 1.6.3_p7 |
| todd_miller | sudo | 1.6.8 |
| todd_miller | sudo | 1.5.7 |
| todd_miller | sudo | 1.6.8_p8 |
| todd_miller | sudo | 1.6.3_p2 |
| todd_miller | sudo | 1.6.3_p4 |
| todd_miller | sudo | 1.5.8 |
| todd_miller | sudo | 1.6.8_p2 |
| todd_miller | sudo | 1.6.3_p3 |
| todd_miller | sudo | 1.6.6 |
| todd_miller | sudo | 1.5.9 |
| todd_miller | sudo | 1.6 |
| todd_miller | sudo | 1.6.7 |
| ubuntu | ubuntu_linux | 4.1 |
| todd_miller | sudo | 1.6.2 |
| todd_miller | sudo | 1.6.3_p6 |
| todd_miller | sudo | 1.6.3_p5 |
| todd_miller | sudo | 1.6.5_p1 |
| todd_miller | sudo | 1.6.4_p1 |
| todd_miller | sudo | 1.6.1 |
| todd_miller | sudo | 1.6.8_p5 |
| todd_miller | sudo | 1.5.6 |
| todd_miller | sudo | 1.6.8_p9 |
| ubuntu | ubuntu_linux | 5.10 |
| todd_miller | sudo | 1.6.3_p1 |
| todd_miller | sudo | 1.6.8_p1 |
| todd_miller | sudo | 1.6.5_p2 |
| todd_miller | sudo | 1.6.8_p7 |
| ubuntu | ubuntu_linux | 5.04 |
| todd_miller | sudo | 1.6.4 |
| todd_miller | sudo | 1.6.3 |
| todd_miller | sudo | 1.6.4_p2 |
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 5.10 |
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 6.06_lts |
| ubuntu | ubuntu_linux | 5.10 |
| ubuntu | ubuntu_linux | 5.04 |
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 6.06_lts |
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | linux_kernel | * |
| linux | linux_kernel | 2.6 |
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 10.04 |
| ubuntu | ubuntu_linux | 9.10 |
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | edubuntu | 10.10 |
| ubuntu | edubuntu | 10.04 |
| ubuntu | live_dvd | * |
| ubuntu | edubuntu | 9.10 |
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | language-selector | 0.2.10 |
| ubuntu | language-selector | 0.5.1 |
| ubuntu | language-selector | 0.2.7 |
| ubuntu | language-selector | 0.1.21 |
| ubuntu | language-selector | 0.5.3 |
| ubuntu | language-selector | 0.4.5 |
| ubuntu | language-selector | 0.0+baz20050531 |
| ubuntu | language-selector | 0.1.26 |
| ubuntu | language-selector | 0.6.0 |
| ubuntu | language-selector | 0.0+baz20050824 |
| ubuntu | language-selector | 0.4.2 |
| ubuntu | language-selector | 0.4.11 |
| ubuntu | language-selector | 0.1.27 |
| ubuntu | language-selector | 0.6.5 |
| ubuntu | language-selector | 0.4.2.1 |
| ubuntu | language-selector | 0.2.6 |
| ubuntu | language-selector | 0.1.18 |
| ubuntu | language-selector | 0.4.16 |
| ubuntu | language-selector | 0.4.2.3 |
| ubuntu | language-selector | 0.2.1 |
| ubuntu | language-selector | 0.1.6 |
| ubuntu | language-selector | 0.3.14 |
| ubuntu | language-selector | 0.0+baz20050811 |
| ubuntu | language-selector | 0.3.7 |
| ubuntu | language-selector | 0.1.8 |
| ubuntu | language-selector | 0.0+baz20050927 |
| ubuntu | language-selector | 0.5.0 |
| ubuntu | language-selector | 0.4.2.2 |
| ubuntu | language-selector | 0.4.6 |
| ubuntu | language-selector | 0.4.9 |
| ubuntu | language-selector | 0.6.3 |
| ubuntu | language-selector | 0.4.17 |
| ubuntu | language-selector | 0.1.4 |
| ubuntu | language-selector | 0.1.17 |
| ubuntu | language-selector | 0.6.1 |
| ubuntu | language-selector | 0.1.22 |
| ubuntu | language-selector | 0.1.24 |
| ubuntu | language-selector | 0.0+baz20050823 |
| ubuntu | language-selector | 0.2.9 |
| ubuntu | language-selector | 0.4.19 |
| ubuntu | language-selector | 0.1.7 |
| ubuntu | language-selector | 0.3.6 |
| ubuntu | language-selector | 0.4.4 |
| ubuntu | language-selector | 0.1.11 |
| ubuntu | language-selector | 0.2.3 |
| ubuntu | language-selector | 0.4.3 |
| ubuntu | language-selector | 0.3.13 |
| ubuntu | language-selector | 0.1.20 |
| ubuntu | language-selector | 0.1.13 |
| ubuntu | language-selector | 0.0+baz20050609 |
| ubuntu | language-selector | 0.5.2 |
| ubuntu | language-selector | 0.3.20 |
| ubuntu | language-selector | 0.4.15 |
| ubuntu | language-selector | 0.3.12 |
| ubuntu | language-selector | 0.2.0 |
| ubuntu | language-selector | 0.3.21 |
| ubuntu | language-selector | 0.1.15 |
| ubuntu | language-selector | 0.3.16 |
| ubuntu | language-selector | 0.4.13 |
| ubuntu | language-selector | 0.3.2 |
| ubuntu | language-selector | 0.3.5 |
| ubuntu | language-selector | 0.4.7 |
| ubuntu | language-selector | 0.1.10 |
| ubuntu | language-selector | 0.2.4 |
| ubuntu | language-selector | 0.3.8 |
| ubuntu | language-selector | 0.1.1 |
| ubuntu | language-selector | 0.1.14 |
| ubuntu | language-selector | 0.3.0 |
| ubuntu | language-selector | * |
| ubuntu | language-selector | 0.1.29 |
| ubuntu | language-selector | 0.1.28 |
| ubuntu | language-selector | 0.0+baz20050614 |
| ubuntu | language-selector | 0.3.10 |
| ubuntu | language-selector | 0.1.9 |
| ubuntu | language-selector | 0.4.14 |
| ubuntu | language-selector | 0.4.1 |
| ubuntu | language-selector | 0.0+baz20050822 |
| ubuntu | language-selector | 0.0+baz20050808 |
| ubuntu | language-selector | 0.4.10 |
| ubuntu | language-selector | 0.5.6 |
| ubuntu | language-selector | 0.1.2 |
| ubuntu | language-selector | 0.1.5 |
| ubuntu | language-selector | 0.0+baz20050926 |
| ubuntu | language-selector | 0.2.8 |
| ubuntu | language-selector | 0.3.3 |
| ubuntu | language-selector | 0.1.3 |
| ubuntu | language-selector | 0.4.12 |
| ubuntu | language-selector | 0.1.30 |
| ubuntu | language-selector | 0.5.5 |
| ubuntu | language-selector | 0.3.1 |
| ubuntu | language-selector | 0.3.4 |
| ubuntu | language-selector | 0.4.0 |
| ubuntu | language-selector | 0.1.16 |
| ubuntu | language-selector | 0.2.2 |
| ubuntu | language-selector | 0.0+baz20050819.2 |
| ubuntu | language-selector | 0.1.25 |
| ubuntu | language-selector | 0.3.11 |
| ubuntu | language-selector | 0.5.7 |
| ubuntu | language-selector | 0.3.17 |
| ubuntu | language-selector | 0.2.5 |
| ubuntu | language-selector | 0.1 |
| ubuntu | language-selector | 0.6.2 |
| ubuntu | language-selector | 0.1.23 |
| ubuntu | language-selector | 0.4.8 |
| ubuntu | language-selector | 0.1.19 |
| ubuntu | language-selector | 0.3.15 |
| ubuntu | language-selector | 0.1.12 |
| ubuntu | language-selector | 0.3.9 |
| ubuntu | language-selector | 0.6.4 |
| ubuntu | language-selector | 0.4.18 |
| ubuntu | language-selector | 0.0+baz20050912 |
| ubuntu | language-selector | 0.0+baz20050819 |
| ubuntu | language-selector | 0.5.4 |
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | language-selector | 0.2.10 |
| ubuntu | language-selector | 0.5.1 |
| ubuntu | language-selector | 0.2.7 |
| ubuntu | language-selector | 0.1.21 |
| ubuntu | language-selector | 0.5.3 |
| ubuntu | language-selector | 0.4.5 |
| ubuntu | language-selector | 0.0+baz20050531 |
| ubuntu | language-selector | 0.1.26 |
| ubuntu | language-selector | 0.6.0 |
| ubuntu | language-selector | 0.0+baz20050824 |
| ubuntu | language-selector | 0.4.2 |
| ubuntu | language-selector | 0.4.11 |
| ubuntu | language-selector | 0.1.27 |
| ubuntu | language-selector | 0.6.5 |
| ubuntu | language-selector | 0.4.2.1 |
| ubuntu | language-selector | 0.2.6 |
| ubuntu | language-selector | 0.1.18 |
| ubuntu | language-selector | 0.4.16 |
| ubuntu | language-selector | 0.4.2.3 |
| ubuntu | language-selector | 0.2.1 |
| ubuntu | language-selector | 0.1.6 |
| ubuntu | language-selector | 0.3.14 |
| ubuntu | language-selector | 0.0+baz20050811 |
| ubuntu | language-selector | 0.3.7 |
| ubuntu | language-selector | 0.1.8 |
| ubuntu | language-selector | 0.0+baz20050927 |
| ubuntu | language-selector | 0.5.0 |
| ubuntu | language-selector | 0.4.2.2 |
| ubuntu | language-selector | 0.4.6 |
| ubuntu | language-selector | 0.4.9 |
| ubuntu | language-selector | 0.6.3 |
| ubuntu | language-selector | 0.4.17 |
| ubuntu | language-selector | 0.1.4 |
| ubuntu | language-selector | 0.1.17 |
| ubuntu | language-selector | 0.6.1 |
| ubuntu | language-selector | 0.1.22 |
| ubuntu | language-selector | 0.1.24 |
| ubuntu | language-selector | 0.0+baz20050823 |
| ubuntu | language-selector | 0.2.9 |
| ubuntu | language-selector | 0.4.19 |
| ubuntu | language-selector | 0.1.7 |
| ubuntu | language-selector | 0.3.6 |
| ubuntu | language-selector | 0.4.4 |
| ubuntu | language-selector | 0.1.11 |
| ubuntu | language-selector | 0.2.3 |
| ubuntu | language-selector | 0.4.3 |
| ubuntu | language-selector | 0.3.13 |
| ubuntu | language-selector | 0.1.20 |
| ubuntu | language-selector | 0.1.13 |
| ubuntu | language-selector | 0.0+baz20050609 |
| ubuntu | language-selector | 0.5.2 |
| ubuntu | language-selector | 0.3.20 |
| ubuntu | language-selector | 0.4.15 |
| ubuntu | language-selector | 0.3.12 |
| ubuntu | language-selector | 0.2.0 |
| ubuntu | language-selector | 0.3.21 |
| ubuntu | language-selector | 0.1.15 |
| ubuntu | language-selector | 0.3.16 |
| ubuntu | language-selector | 0.4.13 |
| ubuntu | language-selector | 0.3.2 |
| ubuntu | language-selector | 0.3.5 |
| ubuntu | language-selector | 0.4.7 |
| ubuntu | language-selector | 0.1.10 |
| ubuntu | language-selector | 0.2.4 |
| ubuntu | language-selector | 0.3.8 |
| ubuntu | language-selector | 0.1.1 |
| ubuntu | language-selector | 0.1.14 |
| ubuntu | language-selector | 0.3.0 |
| ubuntu | language-selector | * |
| ubuntu | language-selector | 0.1.29 |
| ubuntu | language-selector | 0.1.28 |
| ubuntu | language-selector | 0.0+baz20050614 |
| ubuntu | language-selector | 0.3.10 |
| ubuntu | language-selector | 0.1.9 |
| ubuntu | language-selector | 0.4.14 |
| ubuntu | language-selector | 0.4.1 |
| ubuntu | language-selector | 0.0+baz20050822 |
| ubuntu | language-selector | 0.0+baz20050808 |
| ubuntu | language-selector | 0.4.10 |
| ubuntu | language-selector | 0.5.6 |
| ubuntu | language-selector | 0.1.2 |
| ubuntu | language-selector | 0.1.5 |
| ubuntu | language-selector | 0.0+baz20050926 |
| ubuntu | language-selector | 0.2.8 |
| ubuntu | language-selector | 0.3.3 |
| ubuntu | language-selector | 0.1.3 |
| ubuntu | language-selector | 0.4.12 |
| ubuntu | language-selector | 0.1.30 |
| ubuntu | language-selector | 0.5.5 |
| ubuntu | language-selector | 0.3.1 |
| ubuntu | language-selector | 0.3.4 |
| ubuntu | language-selector | 0.4.0 |
| ubuntu | language-selector | 0.1.16 |
| ubuntu | language-selector | 0.2.2 |
| ubuntu | language-selector | 0.0+baz20050819.2 |
| ubuntu | language-selector | 0.1.25 |
| ubuntu | language-selector | 0.3.11 |
| ubuntu | language-selector | 0.5.7 |
| ubuntu | language-selector | 0.3.17 |
| ubuntu | language-selector | 0.2.5 |
| ubuntu | language-selector | 0.1 |
| ubuntu | language-selector | 0.6.2 |
| ubuntu | language-selector | 0.1.23 |
| ubuntu | language-selector | 0.4.8 |
| ubuntu | language-selector | 0.1.19 |
| ubuntu | language-selector | 0.3.15 |
| ubuntu | language-selector | 0.1.12 |
| ubuntu | language-selector | 0.3.9 |
| ubuntu | language-selector | 0.6.4 |
| ubuntu | language-selector | 0.4.18 |
| ubuntu | language-selector | 0.0+baz20050912 |
| ubuntu | language-selector | 0.0+baz20050819 |
| ubuntu | language-selector | 0.5.4 |
Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | metal_as_a_service | 1.4 |
| ubuntu | metal_as_a_service | 1.2 |
Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | metal_as_a_service | 1.4 |
| ubuntu | metal_as_a_service | 1.2 |
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_portal_platform | 4.3.0 |
| redhat | openshift | * |
| redhat | jboss_enterprise_portal_platform | 5.2.2 |
| redhat | jboss_enterprise_web_server | 1.0.2 |
| redhat | jboss_enterprise_brms_platform | 5.3.1 |
| ubuntu | ubuntu | 10.04 |
| redhat | jboss_enterprise_portal_platform | 6.0.0 |
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu | 14.04 |
| ubuntu | apparmor | * |
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 15.1 |
| canonical | ubuntu_linux | 14.04 |
| ubuntu | network-manager | * |
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xen | xen | 3.3.2 |
| linux | linux_kernel | * |
| xen | xen | 4.4.0 |
| xen | xen | 3.4.0 |
| xen | xen | 3.4.4 |
| xen | xen | 4.3.1 |
| xen | xen | 4.1.3 |
| xen | xen | 4.5.0 |
| xen | xen | 4.0.1 |
| ubuntu | ubuntu | 12.04 |
| xen | xen | 3.4.1 |
| xen | xen | 4.2.1 |
| xen | xen | 4.1.5 |
| xen | xen | 4.1.4 |
| xen | xen | 4.0.2 |
| xen | xen | 4.2.2 |
| xen | xen | 3.4.2 |
| xen | xen | 3.4.3 |
| xen | xen | 4.1.2 |
| xen | xen | 4.3.0 |
| xen | xen | 4.1.6.1 |
| xen | xen | 3.3.0 |
| xen | xen | 4.0.4 |
| xen | xen | 4.1.1 |
| xen | xen | 4.0.3 |
| xen | xen | 4.4.1 |
| xen | xen | 4.1.0 |
| xen | xen | 3.3.1 |
| xen | xen | 4.2.0 |
| xen | xen | 4.2.3 |
| xen | xen | 4.0.0 |
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | vivid | 15.04 |
| ubuntu | upstart | * |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu | 12.04 |
| libav | libav | * |
| opensuse | leap | 42.1 |
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dovecot | dovecot | 2.2.33.2 |
| debian | debian_linux | 9.0 |
| ubuntu | ubuntu | 16.04 |
| ubuntu | ubuntu | 17.10 |
| debian | debian_linux | 8.0 |
| ubuntu | ubuntu | 14.04 |
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 |
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-327,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | python-apt | 0.9.3.5 |
| debian | python-apt | 1.8.4 |
| ubuntu | python-apt | 1.4.0 |
| ubuntu | python-apt | 0.8.3 |
| ubuntu | python-apt | 0.9.3.2 |
| ubuntu | python-apt | 1.6.0 |
| ubuntu | python-apt | 1.7.0 |
| ubuntu | python-apt | 1.8.3 |
| ubuntu | python-apt | 0.9.1 |
| ubuntu | python-apt | 1.9.0 |
| ubuntu | python-apt | 1.8.1 |
| ubuntu | python-apt | 0.9.0 |
| ubuntu | python-apt | 1.6.3 |
| ubuntu | python-apt | 1.8.4 |
| ubuntu | python-apt | 1.0.1 |
| ubuntu | python-apt | 0.8.9.1 |
| ubuntu | python-apt | 1.6.2 |
| ubuntu | python-apt | 0.9.3.3 |
| ubuntu | python-apt | 0.8.0 |
| ubuntu | python-apt | 1.6.1 |
| ubuntu | python-apt | 1.8.2 |
| ubuntu | python-apt | 0.8.1 |
| ubuntu | python-apt | 1.6.4 |
| ubuntu | python-apt | 0.9.3.1 |
| ubuntu | python-apt | 0.9.3.4 |
| ubuntu | python-apt | 1.1.0 |
| ubuntu | python-apt | 1.8.0 |
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@ubuntu.com | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 |
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | python-apt | 0.9.3.5 |
| debian | python-apt | 1.8.4 |
| ubuntu | python-apt | 1.4.0 |
| ubuntu | python-apt | 0.8.3 |
| ubuntu | python-apt | 0.9.3.2 |
| ubuntu | python-apt | 1.6.0 |
| ubuntu | python-apt | 1.7.0 |
| ubuntu | python-apt | 1.8.3 |
| ubuntu | python-apt | 0.9.1 |
| ubuntu | python-apt | 1.9.0 |
| ubuntu | python-apt | 1.8.1 |
| ubuntu | python-apt | 0.9.0 |
| ubuntu | python-apt | 1.6.3 |
| ubuntu | python-apt | 1.8.4 |
| ubuntu | python-apt | 1.0.1 |
| ubuntu | python-apt | 0.8.9.1 |
| ubuntu | python-apt | 1.6.2 |
| ubuntu | python-apt | 0.9.3.3 |
| ubuntu | python-apt | 0.8.0 |
| ubuntu | python-apt | 1.6.1 |
| ubuntu | python-apt | 1.8.2 |
| ubuntu | python-apt | 0.8.1 |
| ubuntu | python-apt | 1.6.4 |
| ubuntu | python-apt | 0.9.3.1 |
| ubuntu | python-apt | 0.9.3.4 |
| ubuntu | python-apt | 1.1.0 |
| ubuntu | python-apt | 1.8.0 |
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | python-apt | 2.0.1 |
| ubuntu | python-apt | 0.9.3.5 |
| ubuntu | python-apt | 2.7.7 |
| ubuntu | python-apt | 3.0.0 |
| ubuntu | python-apt | 2.4.0 |
| ubuntu | python-apt | 0.9.3.11 |
| ubuntu | python-apt | 1.6.6 |
| debian | debian_linux | 11.0 |
| ubuntu | python-apt | 1.1.0 |
| ubuntu | python-apt | * |