MidnightBSD

Advisories for ubuntu

CVE-1999-1572 LOW

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
ubuntu ubuntu_linux 4.10
freebsd freebsd 2.1.0
mandrakesoft mandrake_linux cs2.1
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.0
debian debian_linux 3.0
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux 4.0
mandrakesoft mandrake_linux cs3.0

CVE-2004-0802 MEDIUM

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
imagemagick imagemagick 5.4.7
enlightenment imlib2 1.0
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.1
mandrakesoft mandrake_linux_corporate_server 2.1
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
sun java_desktop_system 2003
turbolinux turbolinux_server 8.0
suse suse_linux 9.0
imagemagick imagemagick 5.5.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib2 1.1
enlightenment imlib 1.9.9
turbolinux turbolinux_server 7.0
imagemagick imagemagick 5.4.8
redhat fedora_core core_3.0
enlightenment imlib 1.9.11
enlightenment imlib 1.9.14
enlightenment imlib 1.9.5
sun java_desktop_system 2.0
suse suse_linux 9.1
enlightenment imlib 1.9.7
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
conectiva linux 10.0
turbolinux turbolinux_workstation 8.0
imagemagick imagemagick 5.4.3
turbolinux turbolinux_desktop 10.0
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.8
enlightenment imlib 1.9.4
imagemagick imagemagick 5.4.8.2.1.1.0
imagemagick imagemagick 5.5.3.2.1.2.0
redhat fedora_core core_2.0
enlightenment imlib2 1.0.1
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
suse suse_linux 8.0
enlightenment imlib 1.9.10
enlightenment imlib 1.9.6
enlightenment imlib 1.9.3
suse suse_linux 9.2
enlightenment imlib2 1.0.4
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.13
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.5
enlightenment imlib 1.9.2
turbolinux turbolinux_workstation 7.0
suse suse_linux 8.2
imagemagick imagemagick 5.5.6.0_2003-04-09
enlightenment imlib 1.9
enlightenment imlib 1.9.12
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.3.3
redhat enterprise_linux 2.1

CVE-2004-0814 LOW

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.2.9
linux linux_kernel 2.2.7
linux linux_kernel 2.4.14
linux linux_kernel 2.2.24
linux linux_kernel 2.4.9
linux linux_kernel 2.4.7
linux linux_kernel 2.4.20
linux linux_kernel 2.2.25
linux linux_kernel 2.4.21
linux linux_kernel 2.2.2
linux linux_kernel 2.2.20
linux linux_kernel 2.2.0
linux linux_kernel 2.2.14
linux linux_kernel 2.2.17
linux linux_kernel 2.4.16
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.25
linux linux_kernel 2.2.12
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.2.10
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
linux linux_kernel 2.2.15
linux linux_kernel 2.2.1
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.2.18
linux linux_kernel 2.4.22
linux linux_kernel 2.2.23
linux linux_kernel 2.4.2
linux linux_kernel 2.4.15
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.2.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.2.16
linux linux_kernel 2.2.15_pre20
linux linux_kernel 2.4.6
linux linux_kernel 2.4.4
linux linux_kernel 2.2.11
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.2.13
linux linux_kernel 2.6.4
linux linux_kernel 2.4.0
linux linux_kernel 2.2.19
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.4.12
linux linux_kernel 2.4.8
linux linux_kernel 2.2.22
linux linux_kernel 2.2.21
linux linux_kernel 2.2.3
linux linux_kernel 2.6.5

CVE-2004-0817 HIGH

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
imagemagick imagemagick 5.4.7
enlightenment imlib2 1.0
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.1
mandrakesoft mandrake_linux_corporate_server 2.1
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
sun java_desktop_system 2003
turbolinux turbolinux_server 8.0
suse suse_linux 9.0
imagemagick imagemagick 5.5.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib2 1.1
enlightenment imlib 1.9.9
turbolinux turbolinux_server 7.0
imagemagick imagemagick 5.4.8
redhat fedora_core core_3.0
enlightenment imlib 1.9.11
enlightenment imlib 1.9.14
enlightenment imlib 1.9.5
sun java_desktop_system 2.0
suse suse_linux 9.1
enlightenment imlib 1.9.7
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
conectiva linux 10.0
turbolinux turbolinux_workstation 8.0
imagemagick imagemagick 5.4.3
turbolinux turbolinux_desktop 10.0
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.8
enlightenment imlib 1.9.4
imagemagick imagemagick 5.4.8.2.1.1.0
imagemagick imagemagick 5.5.3.2.1.2.0
redhat fedora_core core_2.0
enlightenment imlib2 1.0.1
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
suse suse_linux 8.0
enlightenment imlib 1.9.10
enlightenment imlib 1.9.6
enlightenment imlib 1.9.3
suse suse_linux 9.2
enlightenment imlib2 1.0.4
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.13
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.5
enlightenment imlib 1.9.2
turbolinux turbolinux_workstation 7.0
suse suse_linux 8.2
imagemagick imagemagick 5.5.6.0_2003-04-09
enlightenment imlib 1.9
enlightenment imlib 1.9.12
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.3.3
redhat enterprise_linux 2.1

CVE-2004-0827 HIGH

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
imagemagick imagemagick 5.4.7
enlightenment imlib2 1.0
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.1
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux workstation_8.0
redhat enterprise_linux 3.0
turbolinux turbolinux server_8.0
redhat linux_advanced_workstation 2.1
sun java_desktop_system 2003
suse suse_linux 9.0
imagemagick imagemagick 5.5.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib2 1.1
enlightenment imlib 1.9.9
imagemagick imagemagick 5.4.8
redhat fedora_core core_3.0
enlightenment imlib 1.9.11
enlightenment imlib 1.9.14
enlightenment imlib 1.9.5
sun java_desktop_system 2.0
suse suse_linux 9.1
enlightenment imlib 1.9.7
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
conectiva linux 10.0
imagemagick imagemagick 5.4.3
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.8
enlightenment imlib 1.9.4
imagemagick imagemagick 5.4.8.2.1.1.0
imagemagick imagemagick 5.5.3.2.1.2.0
redhat fedora_core core_2.0
turbolinux turbolinux server_7.0
enlightenment imlib2 1.0.1
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
turbolinux turbolinux workstation_7.0
suse suse_linux 8.0
enlightenment imlib 1.9.10
enlightenment imlib 1.9.6
enlightenment imlib 1.9.3
suse suse_linux 9.2
enlightenment imlib2 1.0.4
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.13
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.5
turbolinux turbolinux desktop_10.0
enlightenment imlib 1.9.2
suse suse_linux 8.2
imagemagick imagemagick 5.5.6.0_2003-04-09
enlightenment imlib 1.9
enlightenment imlib 1.9.12
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.3.3
redhat enterprise_linux 2.1

CVE-2004-0882 HIGH

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
samba samba 3.0.2a
ubuntu ubuntu_linux 4.1
conectiva linux 10.0
samba samba 3.0.7
samba samba 3.0.3
samba samba 3.0.4
samba samba 3.0.6
redhat enterprise_linux_desktop 3.0
redhat fedora_core core_3.0
samba samba 3.0.1
samba samba 3.0.5
redhat fedora_core core_2.0
samba samba 3.0.0
redhat enterprise_linux 2.1
samba samba 3.0.2

CVE-2004-0883 MEDIUM

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
trustix secure_linux 2.2
linux linux_kernel 2.4.14
linux linux_kernel 2.4.9
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.7
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.21
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
suse suse_linux 9.0
trustix secure_linux 2.0
linux linux_kernel 2.4.16
redhat fedora_core core_3.0
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.25
linux linux_kernel 2.4.24_ow1
suse suse_linux 9.1
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
suse suse_linux 8
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
suse suse_linux 1.0
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.2
redhat fedora_core core_2.0
linux linux_kernel 2.4.15
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
trustix secure_linux 2.1
suse suse_linux 9.2
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
trustix secure_linux 1.5
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
linux linux_kernel 2.4.0
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
suse suse_linux 8.2
linux linux_kernel 2.4.12
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
redhat enterprise_linux 2.1

CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
kde koffice 1.3_beta1
tetex tetex 1.0.7
easy_software_products cups 1.1.10
pdftohtml pdftohtml 0.34
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.4_3
xpdf xpdf 0.90
easy_software_products cups 1.1.16
pdftohtml pdftohtml 0.35
redhat enterprise_linux_desktop 3.0
xpdf xpdf 1.0
xpdf xpdf 1.1
easy_software_products cups 1.1.15
kde kde 3.3
kde kde 3.3.1
easy_software_products cups 1.1.19
xpdf xpdf 0.92
kde kde 3.2
kde kpdf 3.2
easy_software_products cups 1.0.4
kde koffice 1.3_beta2
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.20
suse suse_linux 9.0
xpdf xpdf 2.3
easy_software_products cups 1.1.13
pdftohtml pdftohtml 0.36
tetex tetex 2.0.1
easy_software_products cups 1.1.12
easy_software_products cups 1.1.14
debian debian_linux 3.0
easy_software_products cups 1.1.19_rc5
kde koffice 1.3.3
easy_software_products cups 1.1.4
pdftohtml pdftohtml 0.32a
suse suse_linux 9.1
easy_software_products cups 1.1.4_2
xpdf xpdf 2.1
easy_software_products cups 1.1.7
gentoo linux *
gnome gpdf 0.112
easy_software_products cups 1.1.18
gnome gpdf 0.131
tetex tetex 2.0.2
easy_software_products cups 1.1.6
redhat fedora_core core_2.0
kde kde 3.2.1
kde koffice 1.3.1
suse suse_linux 8.0
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.2.2
suse suse_linux 9.2
xpdf xpdf 0.93
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.32b
xpdf xpdf 3.0
easy_software_products cups 1.0.4_8
kde koffice 1.3.2
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
kde koffice 1.3
tetex tetex 2.0
suse suse_linux 8.2
easy_software_products cups 1.1.4_5
kde kde 3.2.3
pdftohtml pdftohtml 0.33a
xpdf xpdf 2.0
redhat enterprise_linux 2.1

CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
kde koffice 1.3_beta1
tetex tetex 1.0.7
easy_software_products cups 1.1.10
pdftohtml pdftohtml 0.34
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.4_3
xpdf xpdf 0.90
easy_software_products cups 1.1.16
pdftohtml pdftohtml 0.35
redhat enterprise_linux_desktop 3.0
xpdf xpdf 1.0
xpdf xpdf 1.1
easy_software_products cups 1.1.15
kde kde 3.3
kde kde 3.3.1
easy_software_products cups 1.1.19
xpdf xpdf 0.92
kde kde 3.2
kde kpdf 3.2
easy_software_products cups 1.0.4
kde koffice 1.3_beta2
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.20
suse suse_linux 9.0
xpdf xpdf 2.3
easy_software_products cups 1.1.13
pdftohtml pdftohtml 0.36
tetex tetex 2.0.1
easy_software_products cups 1.1.12
easy_software_products cups 1.1.14
debian debian_linux 3.0
easy_software_products cups 1.1.19_rc5
kde koffice 1.3.3
easy_software_products cups 1.1.4
pdftohtml pdftohtml 0.32a
suse suse_linux 9.1
easy_software_products cups 1.1.4_2
xpdf xpdf 2.1
easy_software_products cups 1.1.7
gentoo linux *
gnome gpdf 0.112
easy_software_products cups 1.1.18
gnome gpdf 0.131
tetex tetex 2.0.2
easy_software_products cups 1.1.6
redhat fedora_core core_2.0
kde kde 3.2.1
kde koffice 1.3.1
suse suse_linux 8.0
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.2.2
suse suse_linux 9.2
xpdf xpdf 0.93
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
kde koffice 1.3_beta3
pdftohtml pdftohtml 0.32b
xpdf xpdf 3.0
easy_software_products cups 1.0.4_8
kde koffice 1.3.2
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
kde koffice 1.3
tetex tetex 2.0
suse suse_linux 8.2
easy_software_products cups 1.1.4_5
kde kde 3.2.3
pdftohtml pdftohtml 0.33a
xpdf xpdf 2.0
redhat enterprise_linux 2.1

CVE-2004-0891 HIGH

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
rob_flynn gaim 0.54
rob_flynn gaim 0.78
gentoo linux *
rob_flynn gaim 0.70
rob_flynn gaim 1.0.1
rob_flynn gaim 0.53
rob_flynn gaim 0.74
rob_flynn gaim 0.57
rob_flynn gaim 0.63
slackware slackware_linux 9.1
slackware slackware_linux current
rob_flynn gaim 0.72
rob_flynn gaim 0.68
rob_flynn gaim 0.56
rob_flynn gaim 0.61
rob_flynn gaim 0.52
rob_flynn gaim 0.59.1
rob_flynn gaim 0.55
rob_flynn gaim 0.10
rob_flynn gaim 0.51
rob_flynn gaim 0.67
rob_flynn gaim 0.82
slackware slackware_linux 10.0
rob_flynn gaim 0.64
ubuntu ubuntu_linux 4.1
rob_flynn gaim 0.62
gentoo linux 1.4
rob_flynn gaim 0.50
rob_flynn gaim 0.82.1
rob_flynn gaim 0.69
rob_flynn gaim 0.59
rob_flynn gaim 0.73
rob_flynn gaim 0.66
slackware slackware_linux 9.0
rob_flynn gaim 0.10.3
rob_flynn gaim 0.75
rob_flynn gaim 0.60
rob_flynn gaim 0.58
rob_flynn gaim 0.71
rob_flynn gaim 1.0
rob_flynn gaim 0.65

CVE-2004-0918 MEDIUM

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
squid squid 2.0_patch2
gentoo linux *
squid squid 2.4_.stable7
squid squid 3.0_pre1
squid squid 2.5_.stable3
redhat fedora_core core_2.0
squid squid 3.0_pre3
squid squid 2.5_.stable1
openpkg openpkg 2.2
squid squid 2.5_.stable4
trustix secure_linux 2.1
squid squid 2.1_patch2
squid squid 2.4_.stable6
squid squid 2.3_.stable5
openpkg openpkg 2.1
ubuntu ubuntu_linux 4.1
squid squid 2.5_.stable5
trustix secure_linux 2.0
trustix secure_linux 1.5
squid squid 2.3_.stable4
squid squid 2.4_.stable2
squid squid 2.4
openpkg openpkg current
squid squid 3.0_pre2
squid squid 2.5_.stable6

CVE-2004-0949 MEDIUM

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
trustix secure_linux 2.2
linux linux_kernel 2.4.14
linux linux_kernel 2.4.9
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.7
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.21
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
suse suse_linux 9.0
trustix secure_linux 2.0
linux linux_kernel 2.4.16
redhat fedora_core core_3.0
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.25
linux linux_kernel 2.4.24_ow1
suse suse_linux 9.1
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
suse suse_linux 8
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
suse suse_linux 1.0
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.2
redhat fedora_core core_2.0
linux linux_kernel 2.4.15
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
trustix secure_linux 2.1
suse suse_linux 9.2
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
trustix secure_linux 1.5
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
linux linux_kernel 2.4.0
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
suse suse_linux 8.2
linux linux_kernel 2.4.12
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
redhat enterprise_linux 2.1

CVE-2004-0956 MEDIUM

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
suse suse_linux 9.1
oracle mysql 4.0.14
oracle mysql 4.0.1
oracle mysql 4.0.5a
oracle mysql 4.0.15
oracle mysql 4.0.5
oracle mysql 4.0.0
oracle mysql 4.0.11
oracle mysql 4.0.4
suse suse_linux 8.0
suse suse_linux 9.2
oracle mysql 4.0.3
oracle mysql 4.0.13
suse suse_linux 8.1
suse suse_linux 9.0
ubuntu ubuntu_linux 4.1
oracle mysql 4.0.9
oracle mysql 4.0.18
oracle mysql 4.0.7
oracle mysql 4.0.8
oracle mysql 4.0.20
suse suse_linux 8.2
oracle mysql 4.0.10
oracle mysql 4.0.12
oracle mysql 4.0.6
oracle mysql 4.0.2

CVE-2004-0957 MEDIUM

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
oracle mysql 3.23.56
oracle mysql 3.23.54
oracle mysql 3.22.28
oracle mysql 3.23.4
oracle mysql 3.23.8
oracle mysql 3.23.49
oracle mysql 3.23.50
oracle mysql 3.23.54a
redhat enterprise_linux_desktop 3.0
oracle mysql 3.23.43
oracle mysql 3.20
oracle mysql 4.0.15
oracle mysql 4.0.0
oracle mysql 3.23.39
oracle mysql 4.0.11
oracle mysql 3.23.10
oracle mysql 4.0.4
openpkg openpkg 2.2
oracle mysql 3.22.30
oracle mysql 3.23.2
oracle mysql 3.23.52
oracle mysql 3.22.32
redhat enterprise_linux 3.0
suse suse_linux 9.0
oracle mysql 3.23.25
trustix secure_linux 2.0
oracle mysql 3.23.29
oracle mysql 3.23.36
oracle mysql 4.0.7
oracle mysql 3.23.53a
oracle mysql 3.22.27
oracle mysql 3.23.32
oracle mysql 3.23.44
oracle mysql 3.23.48
oracle mysql 4.0.8
oracle mysql 3.23.46
openpkg openpkg current
oracle mysql 4.0.10
oracle mysql 3.23.24
oracle mysql 4.0.12
oracle mysql 4.0.6
oracle mysql 4.0.2
suse suse_linux 9.1
oracle mysql 3.23.34
oracle mysql 3.23.40
oracle mysql 3.23.53
oracle mysql 3.23.22
oracle mysql 4.0.14
oracle mysql 3.22.26
oracle mysql 3.23.42
oracle mysql 3.23.47
oracle mysql 3.23.30
oracle mysql 3.23.58
oracle mysql 3.23.26
oracle mysql 4.0.1
oracle mysql 4.0.5a
oracle mysql 4.0.5
oracle mysql 3.23.31
suse suse_linux 8.0
oracle mysql 3.23.38
trustix secure_linux 2.1
oracle mysql 3.23.9
oracle mysql 3.23.51
suse suse_linux 9.2
oracle mysql 4.0.3
oracle mysql 4.0.13
openpkg openpkg 2.1
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
oracle mysql 3.23.45
oracle mysql 4.0.9
trustix secure_linux 1.5
oracle mysql 4.0.18
oracle mysql 3.23.59
oracle mysql 3.22
oracle mysql 3.23.3
oracle mysql 4.0.20
oracle mysql 3.20.32a
oracle mysql 3.23.41
oracle mysql 3.23.37
oracle mysql 3.23
oracle mysql 3.22.29
oracle mysql 3.23.5
suse suse_linux 8.2
oracle mysql 3.23.27
oracle mysql 3.23.28
oracle mysql 3.23.55
oracle mysql 3.21
oracle mysql 3.23.33
oracle mysql 3.23.23

CVE-2004-0966 LOW

The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 4.1
gnu gettext 0.14.1

CVE-2004-0969 LOW

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
gentoo linux *
ubuntu ubuntu_linux 4.1
gnu groff 1.19

CVE-2004-0983 MEDIUM

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
gentoo linux *
ubuntu ubuntu_linux 4.1
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.0
yukihiro_matsumoto ruby 1.8.1
yukihiro_matsumoto ruby 1.8
yukihiro_matsumoto ruby 1.8.2_pre2
yukihiro_matsumoto ruby 1.6.7
yukihiro_matsumoto ruby 1.6
yukihiro_matsumoto ruby 1.8.2_pre1
mandrakesoft mandrake_linux_corporate_server 2.1

CVE-2004-0989 HIGH

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
xmlsoft libxml2 2.6.11
ubuntu ubuntu_linux 4.1
xmlsoft libxml2 2.6.9
xmlsoft libxml2 2.6.13
trustix secure_linux 2.0
xmlsoft libxml2 2.6.12
xmlsoft libxml2 2.5.11
xmlsoft libxml2 2.6.6
xmlsoft libxml2 2.6.7
xmlsoft libxml2 2.6.14
redhat fedora_core core_2.0
xmlsoft libxml 1.8.17
xmlsoft libxml2 2.6.8
xmlstarlet command_line_xml_toolkit 0.9.1
trustix secure_linux 2.1

CVE-2004-1007 MEDIUM

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
bogofilter email_filter 0.9.0.4
ubuntu ubuntu_linux 4.1
bogofilter email_filter 0.9.0.3
bogofilter email_filter 0.92
bogofilter email_filter 0.9.0.5
bogofilter email_filter 0.92.4
bogofilter email_filter 0.92.6
bogofilter email_filter 0.92.7

CVE-2004-1011 HIGH

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.2.4
conectiva linux 9.0
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
carnegie_mellon_university cyrus_imap_server 2.2.6
conectiva linux 10.0
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.7
redhat fedora_core core_3.0
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
redhat fedora_core core_2.0
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.1.7
trustix secure_linux 2.1
carnegie_mellon_university cyrus_imap_server 2.1.9

CVE-2004-1012 HIGH

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.2.4
conectiva linux 9.0
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
carnegie_mellon_university cyrus_imap_server 2.2.6
conectiva linux 10.0
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.7
redhat fedora_core core_3.0
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
redhat fedora_core core_2.0
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.1.7
trustix secure_linux 2.1
carnegie_mellon_university cyrus_imap_server 2.1.9

CVE-2004-1013 HIGH

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p" that cause an index increment error that leads to an out-of-bounds memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.2.4
conectiva linux 9.0
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.2
carnegie_mellon_university cyrus_imap_server 2.2.6
conectiva linux 10.0
trustix secure_linux 2.0
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.7
redhat fedora_core core_3.0
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
redhat fedora_core core_2.0
openpkg openpkg current
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.1.7
trustix secure_linux 2.1
carnegie_mellon_university cyrus_imap_server 2.1.9

CVE-2004-1015 HIGH

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.0.16
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.2.4
carnegie_mellon_university cyrus_imap_server 1.5.19
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.6
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.0.12
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.7
redhat fedora_core core_3.0
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 1.4
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.2.9
carnegie_mellon_university cyrus_imap_server 2.1.7
carnegie_mellon_university cyrus_imap_server 2.1.9

CVE-2004-1016 LOW

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
linux linux_kernel 2.4.14
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.9
linux linux_kernel 2.4.2
linux linux_kernel 2.4.15
linux linux_kernel 2.4.7
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
linux linux_kernel 2.4.21
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
linux linux_kernel 2.4.0
linux linux_kernel 2.4.16
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.12
linux linux_kernel 2.4.28
linux linux_kernel 2.4.25
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
linux linux_kernel 2.4.24_ow1
CVE-2004-1019 HIGH

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
php php 3.0.5
php php 3.0.15
php php 4.1.2
php php 4.2.1
php php 4.3.7
php php 3.0.4
php php 4.3.0
trustix secure_linux 2.2
php php 4.2
php php 4.2.3
php php 3.0.8
php php 3.0.11
php php 4.2.2
php php 3.0.3
php php 4.3.5
php php 5.0.0
php php 4.3.8
openpkg openpkg 2.2
php php 3.0.18
php php 3.0.1
trustix secure_linux 2.0
php php 3.0.2
php php 3.0.7
php php 3.0.9
openpkg openpkg current
php php 4.3.2
php php 4.0.5
php php 3.0.6
php php 3.0.10
php php 4.0.3
php php 4.3.6
php php 4.0.4
php php 4.3.1
php php 3.0.17
php php 4.0.1
php php 4.0.7
php php 4.0.2
php php 4.3.3
php php 4.3.4
php php 5.0.2
php php 3.0.12
php php 3.0.13
php php 5.0
php php 3.0
trustix secure_linux 2.1
php php 4.1.0
php php 4.3.9
php php 4.0
php php 4.2.0
openpkg openpkg 2.1
ubuntu ubuntu_linux 4.1
php php 3.0.16
php php 4.1.1
php php 4.0.6
php php 5.0.1
php php 3.0.14
CVE-2004-1051 HIGH

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
todd_miller sudo 1.6.5
trustix secure_linux 2.2
mandrakesoft mandrake_linux 10.0
todd_miller sudo 1.6.3_p7
todd_miller sudo 1.6.8
todd_miller sudo 1.5.7
todd_miller sudo 1.6.3_p2
todd_miller sudo 1.6.3_p4
todd_miller sudo 1.5.8
mandrakesoft mandrake_linux_corporate_server 2.1
todd_miller sudo 1.6.3_p3
trustix secure_linux 2.1
todd_miller sudo 1.6.6
todd_miller sudo 1.5.9
todd_miller sudo 1.6
todd_miller sudo 1.6.7
ubuntu ubuntu_linux 4.1
mandrakesoft mandrake_linux 9.2
todd_miller sudo 1.6.2
todd_miller sudo 1.6.3_p6
trustix secure_linux 2.0
trustix secure_linux 1.5
todd_miller sudo 1.6.3_p5
todd_miller sudo 1.6.5_p1
todd_miller sudo 1.6.4_p1
mandrakesoft mandrake_multi_network_firewall 8.2
todd_miller sudo 1.6.1
debian debian_linux 3.0
todd_miller sudo 1.5.6
todd_miller sudo 1.6.3_p1
todd_miller sudo 1.6.8_p1
todd_miller sudo 1.6.5_p2
todd_miller sudo 1.6.4
todd_miller sudo 1.6.3
todd_miller sudo 1.6.4_p2
CVE-2004-1056 MEDIUM

Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
linux linux_kernel 2.6.4
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.6.10
linux linux_kernel 2.6.9
linux linux_kernel 2.6.2
linux linux_kernel 2.6.5
CVE-2004-1058 LOW

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
linux linux_kernel 2.6.4
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.6.10
linux linux_kernel 2.6.9
linux linux_kernel 2.6.2
linux linux_kernel 2.6.5
CVE-2004-1065 HIGH

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php php 3.0.5
php php 3.0.15
php php 4.1.2
php php 4.2.1
php php 4.3.7
php php 3.0.4
php php 4.3.0
trustix secure_linux 2.2
php php 4.2
php php 4.2.3
php php 3.0.8
php php 3.0.11
php php 4.2.2
php php 3.0.3
php php 4.3.5
php php 5.0.0
php php 4.3.8
openpkg openpkg 2.2
php php 3.0.18
php php 3.0.1
trustix secure_linux 2.0
php php 3.0.2
php php 3.0.7
php php 3.0.9
openpkg openpkg current
php php 4.3.2
php php 4.0.5
php php 3.0.6
php php 3.0.10
php php 4.0.3
php php 4.3.6
php php 4.0.4
php php 4.3.1
php php 3.0.17
php php 4.0.1
php php 4.0.7
php php 4.0.2
php php 4.3.3
php php 4.3.4
php php 5.0.2
php php 3.0.12
php php 3.0.13
php php 5.0
php php 3.0
trustix secure_linux 2.1
php php 4.1.0
php php 4.3.9
php php 4.0
php php 4.2.0
openpkg openpkg 2.1
ubuntu ubuntu_linux 4.1
php php 3.0.16
php php 4.1.1
php php 4.0.6
php php 5.0.1
php php 3.0.14
CVE-2004-1067 HIGH

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
carnegie_mellon_university cyrus_imap_server 2.0.16
carnegie_mellon_university cyrus_imap_server 2.2.1_beta
carnegie_mellon_university cyrus_imap_server 2.2.5
carnegie_mellon_university cyrus_imap_server 2.2.4
carnegie_mellon_university cyrus_imap_server 1.5.19
ubuntu ubuntu_linux 4.1
carnegie_mellon_university cyrus_imap_server 2.2.6
carnegie_mellon_university cyrus_imap_server 2.2.0_alpha
carnegie_mellon_university cyrus_imap_server 2.2.3
carnegie_mellon_university cyrus_imap_server 2.0.12
carnegie_mellon_university cyrus_imap_server 2.1.16
carnegie_mellon_university cyrus_imap_server 2.2.7
redhat fedora_core core_3.0
carnegie_mellon_university cyrus_imap_server 2.2.2_beta
redhat fedora_core core_2.0
carnegie_mellon_university cyrus_imap_server 2.1.10
carnegie_mellon_university cyrus_imap_server 1.4
carnegie_mellon_university cyrus_imap_server 2.2.8
carnegie_mellon_university cyrus_imap_server 2.2.9
carnegie_mellon_university cyrus_imap_server 2.1.7
carnegie_mellon_university cyrus_imap_server 2.1.9
CVE-2004-1068 MEDIUM

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
linux linux_kernel 2.4.14
linux linux_kernel 2.4.3
linux linux_kernel 2.4.22
linux linux_kernel 2.4.9
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.2
linux linux_kernel 2.4.15
linux linux_kernel 2.4.7
linux linux_kernel 2.4.13
linux linux_kernel 2.4.20
linux linux_kernel 2.4.24
linux linux_kernel 2.4.21
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.4.0
linux linux_kernel 2.4.16
linux linux_kernel 2.4.23
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.12
linux linux_kernel 2.4.25
linux linux_kernel 2.4.8
linux linux_kernel 2.4.24_ow1
redhat enterprise_linux 2.1
CVE-2004-1069 LOW

Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
linux linux_kernel 2.6.4
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.6.10
linux linux_kernel 2.6.9
linux linux_kernel 2.6.2
linux linux_kernel 2.6.5
CVE-2004-1137 HIGH

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
linux linux_kernel 2.4.19
linux linux_kernel 2.4.18
linux linux_kernel 2.4.14
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.9
linux linux_kernel 2.4.2
linux linux_kernel 2.4.15
linux linux_kernel 2.4.7
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.20
linux linux_kernel 2.6.9
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
linux linux_kernel 2.4.21
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
linux linux_kernel 2.4.0
linux linux_kernel 2.4.16
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.12
linux linux_kernel 2.4.28
linux linux_kernel 2.4.25
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
linux linux_kernel 2.4.24_ow1
CVE-2004-1151 HIGH

Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
linux linux_kernel 2.6.4
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.6.10
linux linux_kernel 2.6.9
linux linux_kernel 2.6.2
linux linux_kernel 2.6.5
CVE-2004-1235 MEDIUM

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.4.29-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.4.29
avaya s8710 r2.0.0
redhat enterprise_linux 4.0
avaya s8300 r2.0.1
linux linux_kernel 2.4.14
avaya network_routing *
redhat fedora_core core_1.0
linux linux_kernel 2.4.9
redhat enterprise_linux_desktop 3.0
linux linux_kernel 2.4.7
linux linux_kernel 2.6.10
mandrakesoft mandrake_linux_corporate_server 2.1
linux linux_kernel 2.4.20
redhat linux 7.3
linux linux_kernel 2.6.9
avaya s8500 r2.0.1
avaya converged_communications_server 2.0
linux linux_kernel 2.4.21
redhat enterprise_linux 3.0
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.2
redhat linux 9.0
avaya modular_messaging_message_storage_server 1.1
avaya mn100 *
linux linux_kernel 2.4.16
redhat fedora_core core_3.0
linux linux_kernel 2.4.10
linux linux_kernel 2.4.5
linux linux_kernel 2.4.11
linux linux_kernel 2.4.28
linux linux_kernel 2.4.25
linux linux_kernel 2.4.24_ow1
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
linux linux_kernel 2.4.17
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
mandrakesoft mandrake_linux 10.0
suse suse_linux 8
linux linux_kernel 2.4.19
conectiva linux 10.0
redhat enterprise_linux_desktop 4.0
linux linux_kernel 2.4.18
suse suse_linux 1.0
avaya s8300 r2.0.0
mandrakesoft mandrake_linux_corporate_server 3.0
linux linux_kernel 2.4.3
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
linux linux_kernel 2.4.2
redhat fedora_core core_2.0
linux linux_kernel 2.4.15
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.4.13
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
avaya s8710 r2.0.1
suse suse_linux 9.2
avaya s8500 r2.0.0
suse suse_linux 8.1
ubuntu ubuntu_linux 4.1
linux linux_kernel 2.4.6
linux linux_kernel 2.4.4
linux linux_kernel 2.4.26
linux linux_kernel 2.4.1
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
mandrakesoft mandrake_multi_network_firewall 8.2
linux linux_kernel 2.4.0
avaya intuity_audix *
avaya modular_messaging_message_storage_server 2.0
linux linux_kernel 2.4.23
linux linux_kernel 2.6_test9_cvs
avaya s8700 r2.0.1
avaya s8700 r2.0.0
suse suse_linux 8.2
linux linux_kernel 2.4.12
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
CVE-2004-1337 HIGH

The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 4.1
conectiva linux 10.0
gnu realtime_linux_security_module 0.8.7
CVE-2005-0077 LOW

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 4.10
gentoo linux *
debian debian_linux 3.0
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux 4.0
CVE-2005-0080 MEDIUM

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 4.10
gnu mailman 2.1.5
CVE-2005-0106 MEDIUM

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 5.04
CVE-2005-0109 MEDIUM

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.3
freebsd freebsd 4.8
freebsd freebsd 4.9
sun solaris 9.0
redhat enterprise_linux 4.0
freebsd freebsd 1.1.5.1
freebsd freebsd 4.2
freebsd freebsd 3.5
freebsd freebsd 3.3
freebsd freebsd 5.4
redhat enterprise_linux_desktop 3.0
freebsd freebsd 3.1
freebsd freebsd 3.4
freebsd freebsd 3.2
freebsd freebsd 5.1
freebsd freebsd 4.1
sun solaris 7.0
freebsd freebsd 2.2.2
freebsd freebsd 3.5.1
sco unixware 7.1.4
redhat enterprise_linux 3.0
freebsd freebsd 2.0.5
freebsd freebsd 2.2.3
freebsd freebsd 4.6.2
freebsd freebsd 3.0
freebsd freebsd 2.2.6
freebsd freebsd 4.3
freebsd freebsd 5.0
redhat fedora_core core_3.0
freebsd freebsd 2.2
freebsd freebsd 4.5
freebsd freebsd 5.2.1
sco openserver 5.0.7
freebsd freebsd 4.6
freebsd freebsd 4.1.1
sco unixware 7.1.3_up
freebsd freebsd 2.2.5
sun solaris 10.0
redhat enterprise_linux_desktop 4.0
freebsd freebsd 4.4
freebsd freebsd 2.1.6.1
freebsd freebsd 4.7
sun solaris 8.0
freebsd freebsd 2.2.4
freebsd freebsd 2.2.8
freebsd freebsd 2.1.7.1
freebsd freebsd 5.2
freebsd freebsd 2.0
freebsd freebsd 4.0
freebsd freebsd 2.1.0
ubuntu ubuntu_linux 4.1
freebsd freebsd 2.1.6
freebsd freebsd 4.10
freebsd freebsd 4.11
ubuntu ubuntu_linux 5.04
freebsd freebsd 2.1.5
sco unixware 7.1.3
redhat enterprise_linux 2.1
CVE-2005-0156 LOW

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.1
larry_wall perl 5.8.1
trustix secure_linux 2.2
larry_wall perl 5.8.4.3
redhat enterprise_linux_desktop 3.0
larry_wall perl 5.8.4.1
suse suse_linux 8.0
trustix secure_linux 2.1
larry_wall perl 5.8.4.5
suse suse_linux 9.2
redhat enterprise_linux 3.0
suse suse_linux 8.1
suse suse_linux 9.0
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.0
trustix secure_linux 1.5
sgi propack 3.0
larry_wall perl 5.8.4.2.3
larry_wall perl 5.8.4.2
larry_wall perl 5.8.4
larry_wall perl 5.8.4.4
redhat fedora_core core_3.0
suse suse_linux 8.2
larry_wall perl 5.8.0
larry_wall perl 5.8.3
ibm aix 5.3
ibm aix 5.2
CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kde koffice 1.3_beta1
easy_software_products cups 1.1.10
pdftohtml pdftohtml 0.34
pdftohtml pdftohtml 0.33
easy_software_products cups 1.1.4_3
xpdf xpdf 0.90
easy_software_products cups 1.1.16
pdftohtml pdftohtml 0.35
redhat fedora_core core_1.0
easy_software_products cups 1.1.15
kde kde 3.3
suse suse_linux 6.2
easy_software_products cups 1.1.19
ascii ptex 3.1.4
kde kde 3.2
redhat enterprise_linux 3.0
easy_software_products cups 1.1.20
suse suse_linux 7.0
xpdf xpdf 2.3
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.12
debian debian_linux 3.0
suse suse_linux 6.3
tetex tetex 1.0.6
suse suse_linux 4.0
suse suse_linux 6.1
pdftohtml pdftohtml 0.32a
suse suse_linux 4.3
easy_software_products cups 1.1.7
gentoo linux *
suse suse_linux 7.1
mandrakesoft mandrake_linux_corporate_server 3.0
tetex tetex 2.0.2
redhat fedora_core core_2.0
kde kde 3.2.1
suse suse_linux 8.0
suse suse_linux 4.4.1
suse suse_linux 5.3
easy_software_products cups 1.1.17
xpdf xpdf 0.91
kde kde 3.2.2
suse suse_linux 9.2
suse suse_linux 7.3
ubuntu ubuntu_linux 4.1
kde koffice 1.3_beta3
suse suse_linux 5.0
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.1
xpdf xpdf 1.0a
redhat enterprise_linux 2.1
tetex tetex 1.0.7
redhat enterprise_linux_desktop 3.0
xpdf xpdf 1.0
xpdf xpdf 1.1
kde kde 3.3.1
suse suse_linux 4.4
xpdf xpdf 0.92
kde kpdf 3.2
easy_software_products cups 1.0.4
kde koffice 1.3_beta2
redhat linux_advanced_workstation 2.1
suse suse_linux 9.0
redhat linux 9.0
sgi propack 3.0
easy_software_products cups 1.1.13
sgi advanced_linux_environment 3.0
tetex tetex 2.0.1
redhat fedora_core core_3.0
easy_software_products cups 1.1.14
easy_software_products cups 1.1.19_rc5
kde koffice 1.3.3
suse suse_linux 2.0
suse suse_linux 6.0
easy_software_products cups 1.1.4
suse suse_linux 9.1
easy_software_products cups 1.1.4_2
xpdf xpdf 2.1
suse suse_linux 1.0
gnome gpdf 0.112
easy_software_products cups 1.1.18
gnome gpdf 0.131
suse suse_linux 3.0
easy_software_products cups 1.1.6
kde koffice 1.3.1
xpdf xpdf 0.93
suse suse_linux 8.1
gnome gpdf 0.110
suse suse_linux 7.2
cstex cstetex 2.0.2
suse suse_linux 5.2
pdftohtml pdftohtml 0.32b
xpdf xpdf 3.0
kde koffice 1.3.2
suse suse_linux 6.4
kde koffice 1.3
tetex tetex 2.0
suse suse_linux 8.2
easy_software_products cups 1.1.4_5
kde kde 3.2.3
pdftohtml pdftohtml 0.33a
suse suse_linux 4.2
suse suse_linux 5.1
xpdf xpdf 2.0
CVE-2005-0384 MEDIUM

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.1
suse suse_linux 9.2
ubuntu ubuntu_linux 4.10
suse suse_linux 9.0
trustix secure_linux 2.2
suse suse_linux 8.2
trustix secure_linux 2
trustix secure_linux 2.1
redhat enterprise_linux 2.1
CVE-2005-0750 HIGH

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.27
linux linux_kernel 2.4.17
linux linux_kernel 2.4.29
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
linux linux_kernel 2.4.19
conectiva linux 10.0
redhat enterprise_linux_desktop 4.0
linux linux_kernel 2.4.18
suse suse_linux 1.0
redhat enterprise_linux 4.0
linux linux_kernel 2.4.14
linux linux_kernel 2.6.0
linux linux_kernel 2.4.22
redhat fedora_core core_1.0
linux linux_kernel 2.4.9
redhat fedora_core core_2.0
linux linux_kernel 2.4.15
linux linux_kernel 2.4.7
linux linux_kernel 2.6.6
linux linux_kernel 2.6.8
linux linux_kernel 2.6.10
linux linux_kernel 2.6.11
linux linux_kernel 2.4.13
linux linux_kernel 2.4.20
redhat linux 7.3
linux linux_kernel 2.6.9
linux linux_kernel 2.4.24
linux linux_kernel 2.6.2
suse suse_linux 9.3
linux linux_kernel 2.4.21
ubuntu ubuntu_linux 4.1
redhat linux 9.0
linux linux_kernel 2.4.6
linux linux_kernel 2.4.26
linux linux_kernel 2.6.1
linux linux_kernel 2.6.4
linux linux_kernel 2.4.16
redhat fedora_core core_3.0
linux linux_kernel 2.4.23
linux linux_kernel 2.4.10
linux linux_kernel 2.4.11
linux linux_kernel 2.4.12
linux linux_kernel 2.4.28
linux linux_kernel 2.4.25
linux linux_kernel 2.4.8
linux linux_kernel 2.6.5
CVE-2005-0754 HIGH

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 9.0
gentoo linux *
ubuntu ubuntu_linux 4.1
conectiva linux 10.0
kde quanta 3.1
redhat fedora_core core_3.0
kde kde 3.4
kde kde 3.2.1
kde kde 3.3
kde kde 3.3.1
kde kde 3.2.3
ubuntu ubuntu_linux 5.04
kde kde 3.2
kde kde 3.3.2
kde kde 3.2.2
CVE-2005-0988 LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.3
gentoo linux *
trustix secure_linux 2.2
freebsd freebsd 4.8
redhat enterprise_linux_desktop 4.0
freebsd freebsd 4.4
freebsd freebsd 4.9
redhat enterprise_linux 4.0
freebsd freebsd 4.2
turbolinux turbolinux_workstation 8.0
freebsd freebsd 4.7
turbolinux turbolinux_desktop 10.0
gnu gzip 1.2.4
freebsd freebsd 5.4
redhat enterprise_linux_desktop 3.0
freebsd freebsd 5.1
freebsd freebsd 5.2
freebsd freebsd 4.1
trustix secure_linux 2.1
turbolinux turbolinux_appliance_server 1.0_workgroup
freebsd freebsd 4.0
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_server 8.0
gnu gzip 1.3.3
ubuntu ubuntu_linux 4.1
trustix secure_linux 2.0
freebsd freebsd 4.6.2
freebsd freebsd 4.10
turbolinux turbolinux_server 7.0
freebsd freebsd 4.3
freebsd freebsd 5.0
turbolinux turbolinux_server 10.0
turbolinux turbolinux_appliance_server 1.0_hosting
gnu gzip 1.2.4a
freebsd freebsd 4.11
turbolinux turbolinux_workstation 7.0
freebsd freebsd 4.5
freebsd freebsd 5.2.1
turbolinux turbolinux_home *
freebsd freebsd 4.6
ubuntu ubuntu_linux 5.04
freebsd freebsd 4.1.1
redhat enterprise_linux 2.1
CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
tetex tetex 1.0.7
kde kdegraphics 3.2
slackware slackware_linux 10.1
trustix secure_linux 2.2
kde koffice 1.4
redhat enterprise_linux 4.0
debian debian_linux 3.1
turbolinux turbolinux fuji
mandrakesoft mandrake_linux 2006
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.1
poppler poppler 0.4.2
mandrakesoft mandrake_linux_corporate_server 2.1
kde kpdf 3.4.3
redhat linux 7.3
suse suse_linux 9.3
kde kpdf 3.2
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_server 8.0
suse suse_linux 9.0
redhat linux 9.0
trustix secure_linux 2.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sgi propack 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
turbolinux turbolinux_multimedia *
libextractor libextractor *
tetex tetex 2.0.1
easy_software_products cups 1.1.22
turbolinux turbolinux_server 10.0
redhat fedora_core core_3.0
debian debian_linux 3.0
turbolinux turbolinux_home *
sco openserver 5.0.7
kde kdegraphics 3.4.3
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23_rc1
trustix secure_linux 3.0
gentoo linux *
conectiva linux 10.0
easy_software_products cups 1.1.23
redhat enterprise_linux_desktop 4.0
suse suse_linux 1.0
mandrakesoft mandrake_linux_corporate_server 3.0
turbolinux turbolinux_workstation 8.0
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
tetex tetex 2.0.2
turbolinux turbolinux_personal *
redhat fedora_core core_2.0
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.1
redhat fedora_core core_4.0
slackware slackware_linux 10.2
suse suse_linux 9.2
slackware slackware_linux 10.0
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.22_rc1
xpdf xpdf 3.0
turbolinux turbolinux 10
kde koffice 1.4.2
kde kword 1.4.2
slackware slackware_linux 9.0
tetex tetex 2.0
suse suse_linux 10.0
tetex tetex 3.0
ubuntu ubuntu_linux 5.10
ubuntu ubuntu_linux 5.04
turbolinux turbolinux_server 10.0_x86
redhat enterprise_linux 2.1
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
tetex tetex 1.0.7
kde kdegraphics 3.2
slackware slackware_linux 10.1
trustix secure_linux 2.2
kde koffice 1.4
redhat enterprise_linux 4.0
debian debian_linux 3.1
turbolinux turbolinux fuji
mandrakesoft mandrake_linux 2006
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.1
poppler poppler 0.4.2
mandrakesoft mandrake_linux_corporate_server 2.1
kde kpdf 3.4.3
redhat linux 7.3
suse suse_linux 9.3
kde kpdf 3.2
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_server 8.0
suse suse_linux 9.0
redhat linux 9.0
trustix secure_linux 2.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sgi propack 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
turbolinux turbolinux_multimedia *
libextractor libextractor *
tetex tetex 2.0.1
easy_software_products cups 1.1.22
turbolinux turbolinux_server 10.0
redhat fedora_core core_3.0
debian debian_linux 3.0
turbolinux turbolinux_home *
sco openserver 5.0.7
kde kdegraphics 3.4.3
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23_rc1
trustix secure_linux 3.0
gentoo linux *
conectiva linux 10.0
easy_software_products cups 1.1.23
redhat enterprise_linux_desktop 4.0
suse suse_linux 1.0
mandrakesoft mandrake_linux_corporate_server 3.0
turbolinux turbolinux_workstation 8.0
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
tetex tetex 2.0.2
turbolinux turbolinux_personal *
redhat fedora_core core_2.0
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.1
redhat fedora_core core_4.0
slackware slackware_linux 10.2
suse suse_linux 9.2
slackware slackware_linux 10.0
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.22_rc1
xpdf xpdf 3.0
turbolinux turbolinux 10
kde koffice 1.4.2
kde kword 1.4.2
slackware slackware_linux 9.0
tetex tetex 2.0
suse suse_linux 10.0
tetex tetex 3.0
ubuntu ubuntu_linux 5.10
ubuntu ubuntu_linux 5.04
turbolinux turbolinux_server 10.0_x86
redhat enterprise_linux 2.1
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
tetex tetex 1.0.7
kde kdegraphics 3.2
slackware slackware_linux 10.1
trustix secure_linux 2.2
kde koffice 1.4
redhat enterprise_linux 4.0
debian debian_linux 3.1
turbolinux turbolinux fuji
mandrakesoft mandrake_linux 2006
redhat fedora_core core_1.0
redhat enterprise_linux_desktop 3.0
slackware slackware_linux 9.1
poppler poppler 0.4.2
mandrakesoft mandrake_linux_corporate_server 2.1
kde kpdf 3.4.3
redhat linux 7.3
suse suse_linux 9.3
kde kpdf 3.2
redhat enterprise_linux 3.0
redhat linux_advanced_workstation 2.1
turbolinux turbolinux_server 8.0
suse suse_linux 9.0
redhat linux 9.0
trustix secure_linux 2.0
turbolinux turbolinux_appliance_server 1.0_hosting_edition
sgi propack 3.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
turbolinux turbolinux_multimedia *
libextractor libextractor *
tetex tetex 2.0.1
easy_software_products cups 1.1.22
turbolinux turbolinux_server 10.0
redhat fedora_core core_3.0
debian debian_linux 3.0
turbolinux turbolinux_home *
sco openserver 5.0.7
kde kdegraphics 3.4.3
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.1
easy_software_products cups 1.1.23_rc1
trustix secure_linux 3.0
gentoo linux *
conectiva linux 10.0
easy_software_products cups 1.1.23
redhat enterprise_linux_desktop 4.0
suse suse_linux 1.0
mandrakesoft mandrake_linux_corporate_server 3.0
turbolinux turbolinux_workstation 8.0
sco openserver 6.0
turbolinux turbolinux_desktop 10.0
tetex tetex 2.0.2
turbolinux turbolinux_personal *
redhat fedora_core core_2.0
mandrakesoft mandrake_linux 10.2
kde koffice 1.4.1
redhat fedora_core core_4.0
slackware slackware_linux 10.2
suse suse_linux 9.2
slackware slackware_linux 10.0
ubuntu ubuntu_linux 4.1
easy_software_products cups 1.1.22_rc1
xpdf xpdf 3.0
turbolinux turbolinux 10
kde koffice 1.4.2
kde kword 1.4.2
slackware slackware_linux 9.0
tetex tetex 2.0
suse suse_linux 10.0
tetex tetex 3.0
ubuntu ubuntu_linux 5.10
ubuntu ubuntu_linux 5.04
turbolinux turbolinux_server 10.0_x86
redhat enterprise_linux 2.1
CVE-2006-0151 HIGH

sudo 1.6.8 and other versions do not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
todd_miller sudo 1.6.5
todd_miller sudo 1.6.7_p5
todd_miller sudo 1.6.8_p12
todd_miller sudo 1.6.3_p7
todd_miller sudo 1.6.8
todd_miller sudo 1.5.7
todd_miller sudo 1.6.8_p8
todd_miller sudo 1.6.3_p2
todd_miller sudo 1.6.3_p4
todd_miller sudo 1.5.8
todd_miller sudo 1.6.8_p2
todd_miller sudo 1.6.3_p3
todd_miller sudo 1.6.6
todd_miller sudo 1.5.9
todd_miller sudo 1.6
todd_miller sudo 1.6.7
ubuntu ubuntu_linux 4.1
todd_miller sudo 1.6.2
todd_miller sudo 1.6.3_p6
todd_miller sudo 1.6.3_p5
todd_miller sudo 1.6.5_p1
todd_miller sudo 1.6.4_p1
todd_miller sudo 1.6.1
todd_miller sudo 1.6.8_p5
todd_miller sudo 1.5.6
todd_miller sudo 1.6.8_p9
ubuntu ubuntu_linux 5.10
todd_miller sudo 1.6.3_p1
todd_miller sudo 1.6.8_p1
todd_miller sudo 1.6.5_p2
todd_miller sudo 1.6.8_p7
ubuntu ubuntu_linux 5.04
todd_miller sudo 1.6.4
todd_miller sudo 1.6.3
todd_miller sudo 1.6.4_p2
CVE-2006-1183 HIGH

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 5.10
CVE-2006-3378 HIGH

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 6.06_lts
ubuntu ubuntu_linux 5.10
ubuntu ubuntu_linux 5.04
CVE-2006-3597 HIGH

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 6.06_lts
CVE-2008-4395 HIGH

Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ubuntu linux_kernel *
linux linux_kernel 2.6
CVE-2010-0834 HIGH

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 10.04
ubuntu ubuntu_linux 9.10
CVE-2011-0724 HIGH

The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
ubuntu edubuntu 10.10
ubuntu edubuntu 10.04
ubuntu live_dvd *
ubuntu edubuntu 9.10
CVE-2011-0729 HIGH

dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ubuntu language-selector 0.2.10
ubuntu language-selector 0.5.1
ubuntu language-selector 0.2.7
ubuntu language-selector 0.1.21
ubuntu language-selector 0.5.3
ubuntu language-selector 0.4.5
ubuntu language-selector 0.0+baz20050531
ubuntu language-selector 0.1.26
ubuntu language-selector 0.6.0
ubuntu language-selector 0.0+baz20050824
ubuntu language-selector 0.4.2
ubuntu language-selector 0.4.11
ubuntu language-selector 0.1.27
ubuntu language-selector 0.6.5
ubuntu language-selector 0.4.2.1
ubuntu language-selector 0.2.6
ubuntu language-selector 0.1.18
ubuntu language-selector 0.4.16
ubuntu language-selector 0.4.2.3
ubuntu language-selector 0.2.1
ubuntu language-selector 0.1.6
ubuntu language-selector 0.3.14
ubuntu language-selector 0.0+baz20050811
ubuntu language-selector 0.3.7
ubuntu language-selector 0.1.8
ubuntu language-selector 0.0+baz20050927
ubuntu language-selector 0.5.0
ubuntu language-selector 0.4.2.2
ubuntu language-selector 0.4.6
ubuntu language-selector 0.4.9
ubuntu language-selector 0.6.3
ubuntu language-selector 0.4.17
ubuntu language-selector 0.1.4
ubuntu language-selector 0.1.17
ubuntu language-selector 0.6.1
ubuntu language-selector 0.1.22
ubuntu language-selector 0.1.24
ubuntu language-selector 0.0+baz20050823
ubuntu language-selector 0.2.9
ubuntu language-selector 0.4.19
ubuntu language-selector 0.1.7
ubuntu language-selector 0.3.6
ubuntu language-selector 0.4.4
ubuntu language-selector 0.1.11
ubuntu language-selector 0.2.3
ubuntu language-selector 0.4.3
ubuntu language-selector 0.3.13
ubuntu language-selector 0.1.20
ubuntu language-selector 0.1.13
ubuntu language-selector 0.0+baz20050609
ubuntu language-selector 0.5.2
ubuntu language-selector 0.3.20
ubuntu language-selector 0.4.15
ubuntu language-selector 0.3.12
ubuntu language-selector 0.2.0
ubuntu language-selector 0.3.21
ubuntu language-selector 0.1.15
ubuntu language-selector 0.3.16
ubuntu language-selector 0.4.13
ubuntu language-selector 0.3.2
ubuntu language-selector 0.3.5
ubuntu language-selector 0.4.7
ubuntu language-selector 0.1.10
ubuntu language-selector 0.2.4
ubuntu language-selector 0.3.8
ubuntu language-selector 0.1.1
ubuntu language-selector 0.1.14
ubuntu language-selector 0.3.0
ubuntu language-selector *
ubuntu language-selector 0.1.29
ubuntu language-selector 0.1.28
ubuntu language-selector 0.0+baz20050614
ubuntu language-selector 0.3.10
ubuntu language-selector 0.1.9
ubuntu language-selector 0.4.14
ubuntu language-selector 0.4.1
ubuntu language-selector 0.0+baz20050822
ubuntu language-selector 0.0+baz20050808
ubuntu language-selector 0.4.10
ubuntu language-selector 0.5.6
ubuntu language-selector 0.1.2
ubuntu language-selector 0.1.5
ubuntu language-selector 0.0+baz20050926
ubuntu language-selector 0.2.8
ubuntu language-selector 0.3.3
ubuntu language-selector 0.1.3
ubuntu language-selector 0.4.12
ubuntu language-selector 0.1.30
ubuntu language-selector 0.5.5
ubuntu language-selector 0.3.1
ubuntu language-selector 0.3.4
ubuntu language-selector 0.4.0
ubuntu language-selector 0.1.16
ubuntu language-selector 0.2.2
ubuntu language-selector 0.0+baz20050819.2
ubuntu language-selector 0.1.25
ubuntu language-selector 0.3.11
ubuntu language-selector 0.5.7
ubuntu language-selector 0.3.17
ubuntu language-selector 0.2.5
ubuntu language-selector 0.1
ubuntu language-selector 0.6.2
ubuntu language-selector 0.1.23
ubuntu language-selector 0.4.8
ubuntu language-selector 0.1.19
ubuntu language-selector 0.3.15
ubuntu language-selector 0.1.12
ubuntu language-selector 0.3.9
ubuntu language-selector 0.6.4
ubuntu language-selector 0.4.18
ubuntu language-selector 0.0+baz20050912
ubuntu language-selector 0.0+baz20050819
ubuntu language-selector 0.5.4
CVE-2011-1842 HIGH

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ubuntu language-selector 0.2.10
ubuntu language-selector 0.5.1
ubuntu language-selector 0.2.7
ubuntu language-selector 0.1.21
ubuntu language-selector 0.5.3
ubuntu language-selector 0.4.5
ubuntu language-selector 0.0+baz20050531
ubuntu language-selector 0.1.26
ubuntu language-selector 0.6.0
ubuntu language-selector 0.0+baz20050824
ubuntu language-selector 0.4.2
ubuntu language-selector 0.4.11
ubuntu language-selector 0.1.27
ubuntu language-selector 0.6.5
ubuntu language-selector 0.4.2.1
ubuntu language-selector 0.2.6
ubuntu language-selector 0.1.18
ubuntu language-selector 0.4.16
ubuntu language-selector 0.4.2.3
ubuntu language-selector 0.2.1
ubuntu language-selector 0.1.6
ubuntu language-selector 0.3.14
ubuntu language-selector 0.0+baz20050811
ubuntu language-selector 0.3.7
ubuntu language-selector 0.1.8
ubuntu language-selector 0.0+baz20050927
ubuntu language-selector 0.5.0
ubuntu language-selector 0.4.2.2
ubuntu language-selector 0.4.6
ubuntu language-selector 0.4.9
ubuntu language-selector 0.6.3
ubuntu language-selector 0.4.17
ubuntu language-selector 0.1.4
ubuntu language-selector 0.1.17
ubuntu language-selector 0.6.1
ubuntu language-selector 0.1.22
ubuntu language-selector 0.1.24
ubuntu language-selector 0.0+baz20050823
ubuntu language-selector 0.2.9
ubuntu language-selector 0.4.19
ubuntu language-selector 0.1.7
ubuntu language-selector 0.3.6
ubuntu language-selector 0.4.4
ubuntu language-selector 0.1.11
ubuntu language-selector 0.2.3
ubuntu language-selector 0.4.3
ubuntu language-selector 0.3.13
ubuntu language-selector 0.1.20
ubuntu language-selector 0.1.13
ubuntu language-selector 0.0+baz20050609
ubuntu language-selector 0.5.2
ubuntu language-selector 0.3.20
ubuntu language-selector 0.4.15
ubuntu language-selector 0.3.12
ubuntu language-selector 0.2.0
ubuntu language-selector 0.3.21
ubuntu language-selector 0.1.15
ubuntu language-selector 0.3.16
ubuntu language-selector 0.4.13
ubuntu language-selector 0.3.2
ubuntu language-selector 0.3.5
ubuntu language-selector 0.4.7
ubuntu language-selector 0.1.10
ubuntu language-selector 0.2.4
ubuntu language-selector 0.3.8
ubuntu language-selector 0.1.1
ubuntu language-selector 0.1.14
ubuntu language-selector 0.3.0
ubuntu language-selector *
ubuntu language-selector 0.1.29
ubuntu language-selector 0.1.28
ubuntu language-selector 0.0+baz20050614
ubuntu language-selector 0.3.10
ubuntu language-selector 0.1.9
ubuntu language-selector 0.4.14
ubuntu language-selector 0.4.1
ubuntu language-selector 0.0+baz20050822
ubuntu language-selector 0.0+baz20050808
ubuntu language-selector 0.4.10
ubuntu language-selector 0.5.6
ubuntu language-selector 0.1.2
ubuntu language-selector 0.1.5
ubuntu language-selector 0.0+baz20050926
ubuntu language-selector 0.2.8
ubuntu language-selector 0.3.3
ubuntu language-selector 0.1.3
ubuntu language-selector 0.4.12
ubuntu language-selector 0.1.30
ubuntu language-selector 0.5.5
ubuntu language-selector 0.3.1
ubuntu language-selector 0.3.4
ubuntu language-selector 0.4.0
ubuntu language-selector 0.1.16
ubuntu language-selector 0.2.2
ubuntu language-selector 0.0+baz20050819.2
ubuntu language-selector 0.1.25
ubuntu language-selector 0.3.11
ubuntu language-selector 0.5.7
ubuntu language-selector 0.3.17
ubuntu language-selector 0.2.5
ubuntu language-selector 0.1
ubuntu language-selector 0.6.2
ubuntu language-selector 0.1.23
ubuntu language-selector 0.4.8
ubuntu language-selector 0.1.19
ubuntu language-selector 0.3.15
ubuntu language-selector 0.1.12
ubuntu language-selector 0.3.9
ubuntu language-selector 0.6.4
ubuntu language-selector 0.4.18
ubuntu language-selector 0.0+baz20050912
ubuntu language-selector 0.0+baz20050819
ubuntu language-selector 0.5.4
CVE-2013-1069 LOW

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ubuntu metal_as_a_service 1.4
ubuntu metal_as_a_service 1.2
CVE-2013-1070 MEDIUM

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ubuntu metal_as_a_service 1.4
ubuntu metal_as_a_service 1.2
CVE-2013-2186 HIGH

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat jboss_enterprise_portal_platform 4.3.0
redhat openshift *
redhat jboss_enterprise_portal_platform 5.2.2
redhat jboss_enterprise_web_server 1.0.2
redhat jboss_enterprise_brms_platform 5.3.1
ubuntu ubuntu 10.04
redhat jboss_enterprise_portal_platform 6.0.0
CVE-2014-1424 MEDIUM

apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu 14.04
ubuntu apparmor *
CVE-2015-1322 MEDIUM

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.10
canonical ubuntu_linux 15.1
canonical ubuntu_linux 14.04
ubuntu network-manager *
CVE-2015-2150 MEDIUM

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
xen xen 3.3.2
linux linux_kernel *
xen xen 4.4.0
xen xen 3.4.0
xen xen 3.4.4
xen xen 4.3.1
xen xen 4.1.3
xen xen 4.5.0
xen xen 4.0.1
ubuntu ubuntu 12.04
xen xen 3.4.1
xen xen 4.2.1
xen xen 4.1.5
xen xen 4.1.4
xen xen 4.0.2
xen xen 4.2.2
xen xen 3.4.2
xen xen 3.4.3
xen xen 4.1.2
xen xen 4.3.0
xen xen 4.1.6.1
xen xen 3.3.0
xen xen 4.0.4
xen xen 4.1.1
xen xen 4.0.3
xen xen 4.4.1
xen xen 4.1.0
xen xen 3.3.1
xen xen 4.2.0
xen xen 4.2.3
xen xen 4.0.0
CVE-2015-2285 HIGH

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
ubuntu vivid 15.04
ubuntu upstart *
CVE-2015-5479 MEDIUM

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ubuntu ubuntu 12.04
libav libav *
opensuse leap 42.1
CVE-2017-14461 MEDIUM

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,CWE-200,

Products Affected

Vendor Product Version
dovecot dovecot 2.2.33.2
debian debian_linux 9.0
ubuntu ubuntu 16.04
ubuntu ubuntu 17.10
debian debian_linux 8.0
ubuntu ubuntu 14.04
CVE-2019-15795 LOW

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
ubuntu python-apt 0.9.3.5
debian python-apt 1.8.4
ubuntu python-apt 1.4.0
ubuntu python-apt 0.8.3
ubuntu python-apt 0.9.3.2
ubuntu python-apt 1.6.0
ubuntu python-apt 1.7.0
ubuntu python-apt 1.8.3
ubuntu python-apt 0.9.1
ubuntu python-apt 1.9.0
ubuntu python-apt 1.8.1
ubuntu python-apt 0.9.0
ubuntu python-apt 1.6.3
ubuntu python-apt 1.8.4
ubuntu python-apt 1.0.1
ubuntu python-apt 0.8.9.1
ubuntu python-apt 1.6.2
ubuntu python-apt 0.9.3.3
ubuntu python-apt 0.8.0
ubuntu python-apt 1.6.1
ubuntu python-apt 1.8.2
ubuntu python-apt 0.8.1
ubuntu python-apt 1.6.4
ubuntu python-apt 0.9.3.1
ubuntu python-apt 0.9.3.4
ubuntu python-apt 1.1.0
ubuntu python-apt 1.8.0
CVE-2019-15796 LOW

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@ubuntu.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,CWE-347,

Products Affected

Vendor Product Version
ubuntu python-apt 0.9.3.5
debian python-apt 1.8.4
ubuntu python-apt 1.4.0
ubuntu python-apt 0.8.3
ubuntu python-apt 0.9.3.2
ubuntu python-apt 1.6.0
ubuntu python-apt 1.7.0
ubuntu python-apt 1.8.3
ubuntu python-apt 0.9.1
ubuntu python-apt 1.9.0
ubuntu python-apt 1.8.1
ubuntu python-apt 0.9.0
ubuntu python-apt 1.6.3
ubuntu python-apt 1.8.4
ubuntu python-apt 1.0.1
ubuntu python-apt 0.8.9.1
ubuntu python-apt 1.6.2
ubuntu python-apt 0.9.3.3
ubuntu python-apt 0.8.0
ubuntu python-apt 1.6.1
ubuntu python-apt 1.8.2
ubuntu python-apt 0.8.1
ubuntu python-apt 1.6.4
ubuntu python-apt 0.9.3.1
ubuntu python-apt 0.9.3.4
ubuntu python-apt 1.1.0
ubuntu python-apt 1.8.0
CVE-2025-6966

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Products Affected

Vendor Product Version
ubuntu python-apt 2.0.1
ubuntu python-apt 0.9.3.5
ubuntu python-apt 2.7.7
ubuntu python-apt 3.0.0
ubuntu python-apt 2.4.0
ubuntu python-apt 0.9.3.11
ubuntu python-apt 1.6.6
debian debian_linux 11.0
ubuntu python-apt 1.1.0
ubuntu python-apt *