Linux
by File Project
CVEs (135)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1106 | 0.00 | — | 0.01 | Jan 10, 2005 | Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | |||
| CVE-2004-1115 | 0.00 | — | 0.00 | Jan 10, 2005 | The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||
| CVE-2004-1162 | 0.00 | — | 0.02 | Jan 10, 2005 | The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||
| CVE-2004-1026 | 0.00 | — | 0.05 | Jan 10, 2005 | Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | |||
| CVE-2004-1108 | 0.00 | — | 0.00 | Jan 10, 2005 | qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | |||
| CVE-2004-1117 | 0.00 | — | 0.00 | Jan 10, 2005 | The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||
| CVE-2004-1110 | 0.00 | — | 0.00 | Jan 10, 2005 | The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | |||
| CVE-2004-1107 | 0.00 | — | 0.00 | Jan 10, 2005 | dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2004-1452 | 0.00 | — | 0.00 | Dec 31, 2004 | Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. | |||
| CVE-2004-0749 | 0.00 | — | 0.01 | Dec 23, 2004 | The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow… | |||
| CVE-2004-0834 | 0.00 | — | 0.00 | Dec 23, 2004 | Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. | |||
| CVE-2004-1336 | 0.00 | — | 0.00 | Dec 23, 2004 | The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2004-0635 | 0.00 | — | 0.05 | Dec 6, 2004 | The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read. | |||
| CVE-2004-0634 | 0.00 | — | 0.05 | Dec 6, 2004 | The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. | |||
| CVE-2004-0496 | 0.00 | — | 0.00 | Dec 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. | |||
| CVE-2004-0626 | 0.00 | — | 0.03 | Dec 6, 2004 | The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a… | |||
| CVE-2004-0565 | 0.00 | — | 0.00 | Dec 6, 2004 | Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. | |||
| CVE-2004-0456 | 0.00 | — | 0.03 | Dec 6, 2004 | Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. | |||
| CVE-2004-0604 | 0.00 | — | 0.02 | Dec 6, 2004 | The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. | |||
| CVE-2004-0746 | 0.00 | — | 0.02 | Oct 20, 2004 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
- CVE-2004-1106Jan 10, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
- CVE-2004-1115Jan 10, 2005risk 0.00cvss —epss 0.00
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
- CVE-2004-1162Jan 10, 2005risk 0.00cvss —epss 0.02
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
- CVE-2004-1026Jan 10, 2005risk 0.00cvss —epss 0.05
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
- CVE-2004-1108Jan 10, 2005risk 0.00cvss —epss 0.00
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
- CVE-2004-1117Jan 10, 2005risk 0.00cvss —epss 0.00
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
- CVE-2004-1110Jan 10, 2005risk 0.00cvss —epss 0.00
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
- CVE-2004-1107Jan 10, 2005risk 0.00cvss —epss 0.00
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2004-1452Dec 31, 2004risk 0.00cvss —epss 0.00
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
- CVE-2004-0749Dec 23, 2004risk 0.00cvss —epss 0.01
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow…
- CVE-2004-0834Dec 23, 2004risk 0.00cvss —epss 0.00
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
- CVE-2004-1336Dec 23, 2004risk 0.00cvss —epss 0.00
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2004-0635Dec 6, 2004risk 0.00cvss —epss 0.05
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
- CVE-2004-0634Dec 6, 2004risk 0.00cvss —epss 0.05
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
- CVE-2004-0496Dec 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
- CVE-2004-0626Dec 6, 2004risk 0.00cvss —epss 0.03
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a…
- CVE-2004-0565Dec 6, 2004risk 0.00cvss —epss 0.00
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
- CVE-2004-0456Dec 6, 2004risk 0.00cvss —epss 0.03
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
- CVE-2004-0604Dec 6, 2004risk 0.00cvss —epss 0.02
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
- CVE-2004-0746Oct 20, 2004risk 0.00cvss —epss 0.02
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Page 6 of 7