Linux
by File Project
CVEs (135)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0937 | 0.04 | — | 0.15 | Feb 9, 2005 | Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being… | |||
| CVE-2004-0934 | 0.04 | — | 0.15 | Jan 27, 2005 | Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||
| CVE-2004-0935 | 0.04 | — | 0.15 | Jan 27, 2005 | Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||
| CVE-2004-0936 | 0.04 | — | 0.15 | Jan 27, 2005 | RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||
| CVE-2004-1304 | 0.04 | — | 0.11 | Jan 10, 2005 | Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. | |||
| CVE-2004-1161 | 0.04 | — | 0.07 | Jan 10, 2005 | rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | |||
| CVE-2004-1096 | 0.04 | — | 0.17 | Jan 10, 2005 | Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on… | |||
| CVE-2004-1471 | 0.04 | — | 0.08 | Dec 31, 2004 | Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper… | |||
| CVE-2004-1491 | 0.04 | — | 0.13 | Dec 31, 2004 | Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | |||
| CVE-2004-0633 | 0.04 | — | 0.18 | Dec 6, 2004 | The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. | |||
| CVE-2004-0416 | 0.04 | — | 0.13 | Aug 6, 2004 | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | |||
| CVE-2004-0996 | 0.03 | — | 0.01 | Jan 10, 2005 | main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2004-0497 | 0.03 | — | 0.01 | Dec 6, 2004 | Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | |||
| CVE-2004-1737 | 0.03 | — | 0.03 | Aug 16, 2004 | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||
| CVE-2004-0548 | 0.03 | — | 0.01 | Aug 6, 2004 | Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. | |||
| CVE-2004-0554 | 0.03 | — | 0.01 | Aug 6, 2004 | Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. | |||
| CVE-2004-1983 | 0.03 | — | 0.01 | May 2, 2004 | The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. | |||
| CVE-2004-0947 | 0.01 | — | 0.07 | Feb 9, 2005 | Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | |||
| CVE-2004-0888 | 0.01 | — | 0.09 | Jan 27, 2005 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by… | |||
| CVE-2004-0918 | 0.01 | — | 0.16 | Jan 27, 2005 | The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. |
- CVE-2004-0937Feb 9, 2005risk 0.04cvss —epss 0.15
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being…
- CVE-2004-0934Jan 27, 2005risk 0.04cvss —epss 0.15
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
- CVE-2004-0935Jan 27, 2005risk 0.04cvss —epss 0.15
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
- CVE-2004-0936Jan 27, 2005risk 0.04cvss —epss 0.15
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
- CVE-2004-1304Jan 10, 2005risk 0.04cvss —epss 0.11
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
- CVE-2004-1161Jan 10, 2005risk 0.04cvss —epss 0.07
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
- CVE-2004-1096Jan 10, 2005risk 0.04cvss —epss 0.17
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on…
- CVE-2004-1471Dec 31, 2004risk 0.04cvss —epss 0.08
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper…
- CVE-2004-1491Dec 31, 2004risk 0.04cvss —epss 0.13
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
- CVE-2004-0633Dec 6, 2004risk 0.04cvss —epss 0.18
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
- CVE-2004-0416Aug 6, 2004risk 0.04cvss —epss 0.13
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
- CVE-2004-0996Jan 10, 2005risk 0.03cvss —epss 0.01
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2004-0497Dec 6, 2004risk 0.03cvss —epss 0.01
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
- CVE-2004-1737Aug 16, 2004risk 0.03cvss —epss 0.03
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
- CVE-2004-0548Aug 6, 2004risk 0.03cvss —epss 0.01
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
- CVE-2004-0554Aug 6, 2004risk 0.03cvss —epss 0.01
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
- CVE-2004-1983May 2, 2004risk 0.03cvss —epss 0.01
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
- CVE-2004-0947Feb 9, 2005risk 0.01cvss —epss 0.07
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
- CVE-2004-0888Jan 27, 2005risk 0.01cvss —epss 0.09
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…
- CVE-2004-0918Jan 27, 2005risk 0.01cvss —epss 0.16
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Page 2 of 7