linux
by Debian
Source repositories
CVEs (3,007)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0833 | 0.00 | — | 0.03 | Dec 23, 2004 | Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. | |||
| CVE-2004-0564 | 0.00 | — | 0.00 | Dec 23, 2004 | Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run… | |||
| CVE-2004-1142 | 0.00 | — | 0.02 | Dec 15, 2004 | Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. | |||
| CVE-2004-1145 | 0.00 | — | 0.04 | Dec 15, 2004 | Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read… | |||
| CVE-2004-1139 | 0.00 | — | 0.02 | Dec 15, 2004 | Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2004-0451 | 0.00 | — | 0.04 | Dec 6, 2004 | Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. | |||
| CVE-2004-0456 | 0.00 | — | 0.03 | Dec 6, 2004 | Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. | |||
| CVE-2004-0455 | 0.00 | — | 0.01 | Dec 6, 2004 | Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql. | |||
| CVE-2004-0837 | 0.00 | — | 0.05 | Nov 3, 2004 | MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||
| CVE-2004-0643 | 0.00 | — | 0.01 | Sep 28, 2004 | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | |||
| CVE-2004-0583 | 0.00 | — | 0.02 | Aug 6, 2004 | The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||
| CVE-2004-0522 | 0.00 | — | 0.03 | Aug 6, 2004 | Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | |||
| CVE-2004-0579 | 0.00 | — | 0.00 | Aug 6, 2004 | Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root. | |||
| CVE-2004-0398 | 0.00 | — | 0.05 | Jul 7, 2004 | Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. | |||
| CVE-2004-0488 | 0.00 | — | 0.38 | Jul 7, 2004 | Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | |||
| CVE-2003-0618 | 0.00 | — | 0.00 | May 4, 2004 | Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. | |||
| CVE-2003-0648 | 0.00 | — | 0.05 | May 4, 2004 | Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. | |||
| CVE-2004-1180 | 0.00 | — | 0.02 | Feb 16, 2004 | Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2003-0615 | 0.00 | — | 0.04 | Aug 27, 2003 | Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. | |||
| CVE-2003-0440 | 0.00 | — | 0.00 | Aug 18, 2003 | The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
- CVE-2004-0833Dec 23, 2004risk 0.00cvss —epss 0.03
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
- CVE-2004-0564Dec 23, 2004risk 0.00cvss —epss 0.00
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run…
- CVE-2004-1142Dec 15, 2004risk 0.00cvss —epss 0.02
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
- CVE-2004-1145Dec 15, 2004risk 0.00cvss —epss 0.04
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…
- CVE-2004-1139Dec 15, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
- CVE-2004-0451Dec 6, 2004risk 0.00cvss —epss 0.04
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
- CVE-2004-0456Dec 6, 2004risk 0.00cvss —epss 0.03
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
- CVE-2004-0455Dec 6, 2004risk 0.00cvss —epss 0.01
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
- CVE-2004-0837Nov 3, 2004risk 0.00cvss —epss 0.05
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
- CVE-2004-0643Sep 28, 2004risk 0.00cvss —epss 0.01
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
- CVE-2004-0583Aug 6, 2004risk 0.00cvss —epss 0.02
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
- CVE-2004-0522Aug 6, 2004risk 0.00cvss —epss 0.03
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
- CVE-2004-0579Aug 6, 2004risk 0.00cvss —epss 0.00
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
- CVE-2004-0398Jul 7, 2004risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
- CVE-2004-0488Jul 7, 2004risk 0.00cvss —epss 0.38
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
- CVE-2003-0618May 4, 2004risk 0.00cvss —epss 0.00
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
- CVE-2003-0648May 4, 2004risk 0.00cvss —epss 0.05
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
- CVE-2004-1180Feb 16, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
- CVE-2003-0615Aug 27, 2003risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
- CVE-2003-0440Aug 18, 2003risk 0.00cvss —epss 0.00
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Page 147 of 151