Linux
by Conectiva
CVEs (63)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1142 | 0.00 | — | 0.02 | Dec 15, 2004 | Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. | |||
| CVE-2004-1145 | 0.00 | — | 0.04 | Dec 15, 2004 | Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read… | |||
| CVE-2004-0626 | 0.00 | — | 0.03 | Dec 6, 2004 | The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a… | |||
| CVE-2005-0373 | 0.00 | — | 0.04 | Oct 7, 2004 | Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||
| CVE-2004-0801 | 0.00 | — | 0.04 | Sep 16, 2004 | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | |||
| CVE-2004-0827 | 0.00 | — | 0.06 | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||
| CVE-2004-0905 | 0.00 | — | 0.03 | Sep 14, 2004 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||
| CVE-2004-0807 | 0.00 | — | 0.06 | Sep 13, 2004 | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | |||
| CVE-2004-0495 | 0.00 | — | 0.00 | Aug 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||
| CVE-2004-0535 | 0.00 | — | 0.00 | Aug 6, 2004 | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||
| CVE-2003-0468 | 0.00 | — | 0.02 | Aug 27, 2003 | Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use… | |||
| CVE-2001-0834 | 0.00 | — | 0.03 | Dec 6, 2001 | htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read… | |||
| CVE-2001-1374 | 0.00 | — | 0.00 | Jul 19, 2001 | expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. | |||
| CVE-2001-1375 | 0.00 | — | 0.00 | Jul 19, 2001 | tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. | |||
| CVE-2001-0439 | 0.00 | — | 0.02 | Jul 2, 2001 | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||
| CVE-2001-0473 | 0.00 | — | 0.02 | Jun 27, 2001 | Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. | |||
| CVE-2001-0178 | 0.00 | — | 0.00 | Mar 26, 2001 | kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. | |||
| CVE-2001-0128 | 0.00 | — | 0.00 | Mar 12, 2001 | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | |||
| CVE-2000-0747 | 0.00 | — | 0.02 | Oct 20, 2000 | The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it. | |||
| CVE-2000-0715 | 0.00 | — | 0.00 | Oct 20, 2000 | DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. |
- CVE-2004-1142Dec 15, 2004risk 0.00cvss —epss 0.02
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
- CVE-2004-1145Dec 15, 2004risk 0.00cvss —epss 0.04
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…
- CVE-2004-0626Dec 6, 2004risk 0.00cvss —epss 0.03
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a…
- CVE-2005-0373Oct 7, 2004risk 0.00cvss —epss 0.04
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
- CVE-2004-0801Sep 16, 2004risk 0.00cvss —epss 0.04
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
- CVE-2004-0827Sep 16, 2004risk 0.00cvss —epss 0.06
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
- CVE-2004-0905Sep 14, 2004risk 0.00cvss —epss 0.03
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
- CVE-2004-0807Sep 13, 2004risk 0.00cvss —epss 0.06
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
- CVE-2004-0495Aug 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
- CVE-2004-0535Aug 6, 2004risk 0.00cvss —epss 0.00
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
- CVE-2003-0468Aug 27, 2003risk 0.00cvss —epss 0.02
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use…
- CVE-2001-0834Dec 6, 2001risk 0.00cvss —epss 0.03
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read…
- CVE-2001-1374Jul 19, 2001risk 0.00cvss —epss 0.00
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
- CVE-2001-1375Jul 19, 2001risk 0.00cvss —epss 0.00
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
- CVE-2001-0439Jul 2, 2001risk 0.00cvss —epss 0.02
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
- CVE-2001-0473Jun 27, 2001risk 0.00cvss —epss 0.02
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
- CVE-2001-0178Mar 26, 2001risk 0.00cvss —epss 0.00
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
- CVE-2001-0128Mar 12, 2001risk 0.00cvss —epss 0.00
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
- CVE-2000-0747Oct 20, 2000risk 0.00cvss —epss 0.02
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
- CVE-2000-0715Oct 20, 2000risk 0.00cvss —epss 0.00
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
Page 3 of 4