Vendor CVEs
SUSE S.A.
All CVEs
1,445 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1174 | 0.00 | — | 0.01 | Apr 14, 2005 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||
| CVE-2004-1176 | 0.00 | — | 0.03 | Apr 14, 2005 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||
| CVE-2004-1092 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||
| CVE-2004-1175 | 0.00 | — | 0.02 | Apr 14, 2005 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||
| CVE-2004-1090 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." | |||
| CVE-2004-1093 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." | |||
| CVE-2004-1237 | 0.00 | — | 0.00 | Apr 14, 2005 | Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors. | |||
| CVE-2005-0384 | 0.00 | — | 0.04 | Mar 15, 2005 | Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. | |||
| CVE-2005-0398 | 0.00 | — | 0.02 | Mar 14, 2005 | The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets. | |||
| CVE-2005-0470 | 0.00 | — | 0.03 | Mar 14, 2005 | Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||
| CVE-2005-0638 | 0.00 | — | 0.04 | Mar 2, 2005 | xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. | |||
| CVE-2005-0605 | 0.00 | — | 0.05 | Mar 2, 2005 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. | |||
| CVE-2005-0639 | 0.00 | — | 0.03 | Mar 2, 2005 | Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. | |||
| CVE-2004-0986 | 0.00 | — | 0.02 | Mar 1, 2005 | Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. | |||
| CVE-2004-0957 | 0.00 | — | 0.02 | Feb 9, 2005 | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | |||
| CVE-2004-0981 | 0.00 | — | 0.06 | Feb 9, 2005 | Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. | |||
| CVE-2004-0889 | 0.00 | — | 0.06 | Jan 27, 2005 | Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||
| CVE-2004-0886 | 0.00 | — | 0.05 | Jan 27, 2005 | Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||
| CVE-2004-0887 | 0.00 | — | 0.00 | Jan 27, 2005 | SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges. | |||
| CVE-2004-1184 | 0.00 | — | 0.01 | Jan 21, 2005 | The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||
| CVE-2004-0991 | 0.00 | — | 0.04 | Jan 11, 2005 | Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | |||
| CVE-2004-1071 | 0.00 | — | 0.01 | Jan 10, 2005 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | |||
| CVE-2004-0883 | 0.00 | — | 0.04 | Jan 10, 2005 | Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read… | |||
| CVE-2004-1072 | 0.00 | — | 0.01 | Jan 10, 2005 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to… | |||
| CVE-2004-1098 | 0.00 | — | 0.02 | Jan 10, 2005 | MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. | |||
| CVE-2004-0956 | 0.00 | — | 0.04 | Jan 10, 2005 | MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | |||
| CVE-2004-1190 | 0.00 | — | 0.00 | Jan 10, 2005 | SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices. | |||
| CVE-2004-0949 | 0.00 | — | 0.03 | Jan 10, 2005 | The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to… | |||
| CVE-2004-1191 | 0.00 | — | 0.00 | Jan 10, 2005 | Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." | |||
| CVE-2004-1070 | 0.00 | — | 0.01 | Jan 10, 2005 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid… | |||
| CVE-2004-1895 | 0.00 | — | 0.00 | Dec 31, 2004 | YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | |||
| CVE-2004-0592 | 0.00 | — | 0.02 | Dec 31, 2004 | The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that… | |||
| CVE-2004-2658 | 0.00 | — | 0.00 | Dec 31, 2004 | resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. | |||
| CVE-2004-0817 | 0.00 | — | 0.05 | Dec 31, 2004 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. | |||
| CVE-2004-1476 | 0.00 | — | 0.02 | Dec 31, 2004 | Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. | |||
| CVE-2004-0802 | 0.00 | — | 0.03 | Dec 31, 2004 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||
| CVE-2004-2097 | 0.00 | — | 0.00 | Dec 31, 2004 | Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5)… | |||
| CVE-2004-1334 | 0.00 | — | 0.01 | Dec 15, 2004 | Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow. | |||
| CVE-2004-1139 | 0.00 | — | 0.02 | Dec 15, 2004 | Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2004-1145 | 0.00 | — | 0.04 | Dec 15, 2004 | Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read… | |||
| CVE-2004-1142 | 0.00 | — | 0.02 | Dec 15, 2004 | Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. | |||
| CVE-2004-0626 | 0.00 | — | 0.03 | Dec 6, 2004 | The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a… | |||
| CVE-2004-0496 | 0.00 | — | 0.00 | Dec 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. | |||
| CVE-2004-0746 | 0.00 | — | 0.02 | Oct 20, 2004 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||
| CVE-2005-0373 | 0.00 | — | 0.04 | Oct 7, 2004 | Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||
| CVE-2004-0827 | 0.00 | — | 0.06 | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||
| CVE-2004-0905 | 0.00 | — | 0.03 | Sep 14, 2004 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||
| CVE-2004-0807 | 0.00 | — | 0.06 | Sep 13, 2004 | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | |||
| CVE-2004-0495 | 0.00 | — | 0.00 | Aug 6, 2004 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | |||
| CVE-2004-0587 | 0.00 | — | 0.00 | Aug 6, 2004 | Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. |
- CVE-2004-1174Apr 14, 2005risk 0.00cvss —epss 0.01
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
- CVE-2004-1176Apr 14, 2005risk 0.00cvss —epss 0.03
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2004-1092Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
- CVE-2004-1175Apr 14, 2005risk 0.00cvss —epss 0.02
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
- CVE-2004-1090Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
- CVE-2004-1093Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
- CVE-2004-1237Apr 14, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
- CVE-2005-0384Mar 15, 2005risk 0.00cvss —epss 0.04
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
- CVE-2005-0398Mar 14, 2005risk 0.00cvss —epss 0.02
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
- CVE-2005-0470Mar 14, 2005risk 0.00cvss —epss 0.03
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
- CVE-2005-0638Mar 2, 2005risk 0.00cvss —epss 0.04
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
- CVE-2005-0605Mar 2, 2005risk 0.00cvss —epss 0.05
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
- CVE-2005-0639Mar 2, 2005risk 0.00cvss —epss 0.03
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
- CVE-2004-0986Mar 1, 2005risk 0.00cvss —epss 0.02
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
- CVE-2004-0957Feb 9, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
- CVE-2004-0981Feb 9, 2005risk 0.00cvss —epss 0.06
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
- CVE-2004-0889Jan 27, 2005risk 0.00cvss —epss 0.06
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
- CVE-2004-0886Jan 27, 2005risk 0.00cvss —epss 0.05
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
- CVE-2004-0887Jan 27, 2005risk 0.00cvss —epss 0.00
SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.
- CVE-2004-1184Jan 21, 2005risk 0.00cvss —epss 0.01
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
- CVE-2004-0991Jan 11, 2005risk 0.00cvss —epss 0.04
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
- CVE-2004-1071Jan 10, 2005risk 0.00cvss —epss 0.01
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
- CVE-2004-0883Jan 10, 2005risk 0.00cvss —epss 0.04
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read…
- CVE-2004-1072Jan 10, 2005risk 0.00cvss —epss 0.01
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to…
- CVE-2004-1098Jan 10, 2005risk 0.00cvss —epss 0.02
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
- CVE-2004-0956Jan 10, 2005risk 0.00cvss —epss 0.04
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
- CVE-2004-1190Jan 10, 2005risk 0.00cvss —epss 0.00
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
- CVE-2004-0949Jan 10, 2005risk 0.00cvss —epss 0.03
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to…
- CVE-2004-1191Jan 10, 2005risk 0.00cvss —epss 0.00
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
- CVE-2004-1070Jan 10, 2005risk 0.00cvss —epss 0.01
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid…
- CVE-2004-1895Dec 31, 2004risk 0.00cvss —epss 0.00
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
- CVE-2004-0592Dec 31, 2004risk 0.00cvss —epss 0.02
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that…
- CVE-2004-2658Dec 31, 2004risk 0.00cvss —epss 0.00
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
- CVE-2004-0817Dec 31, 2004risk 0.00cvss —epss 0.05
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
- CVE-2004-1476Dec 31, 2004risk 0.00cvss —epss 0.02
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
- CVE-2004-0802Dec 31, 2004risk 0.00cvss —epss 0.03
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
- CVE-2004-2097Dec 31, 2004risk 0.00cvss —epss 0.00
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5)…
- CVE-2004-1334Dec 15, 2004risk 0.00cvss —epss 0.01
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
- CVE-2004-1139Dec 15, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
- CVE-2004-1145Dec 15, 2004risk 0.00cvss —epss 0.04
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…
- CVE-2004-1142Dec 15, 2004risk 0.00cvss —epss 0.02
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
- CVE-2004-0626Dec 6, 2004risk 0.00cvss —epss 0.03
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a…
- CVE-2004-0496Dec 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
- CVE-2004-0746Oct 20, 2004risk 0.00cvss —epss 0.02
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
- CVE-2005-0373Oct 7, 2004risk 0.00cvss —epss 0.04
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
- CVE-2004-0827Sep 16, 2004risk 0.00cvss —epss 0.06
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
- CVE-2004-0905Sep 14, 2004risk 0.00cvss —epss 0.03
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
- CVE-2004-0807Sep 13, 2004risk 0.00cvss —epss 0.06
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
- CVE-2004-0495Aug 6, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
- CVE-2004-0587Aug 6, 2004risk 0.00cvss —epss 0.00
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
Page 28 of 29