Vulnerabilities (CVE)

Filtered by vendor Openpkg Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1997 2 Kolab, Openpkg 2 Kolab Groupware Server, Openpkg 2024-02-28 4.6 MEDIUM N/A
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
CVE-2003-0147 3 Openpkg, Openssl, Stunnel 3 Openpkg, Openssl, Stunnel 2024-02-28 5.0 MEDIUM N/A
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
CVE-2004-0772 3 Debian, Mit, Openpkg 3 Debian Linux, Kerberos 5, Openpkg 2024-02-28 7.5 HIGH 9.8 CRITICAL
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0421 4 Libpng, Openpkg, Redhat and 1 more 6 Libpng, Openpkg, Enterprise Linux and 3 more 2024-02-28 5.0 MEDIUM N/A
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
CVE-2003-0615 3 Cgi.pm, Debian, Openpkg 3 Cgi.pm, Debian Linux, Openpkg 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
CVE-2003-0190 3 Openbsd, Openpkg, Siemens 6 Openssh, Openpkg, Scalance X204rna and 3 more 2024-02-28 5.0 MEDIUM N/A
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2005-0373 6 Apple, Conectiva, Cyrus and 3 more 8 Mac Os X, Mac Os X Server, Linux and 5 more 2024-02-28 7.5 HIGH N/A
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.