Total
154 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1033 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2024-11-20 | 2.1 LOW | N/A |
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. | |||||
CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2024-11-20 | 2.1 LOW | N/A |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | |||||
CVE-2004-1031 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2024-11-20 | 7.2 HIGH | N/A |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | |||||
CVE-2004-1030 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2024-11-20 | 2.1 LOW | N/A |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | |||||
CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2024-11-20 | 9.3 HIGH | N/A |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | |||||
CVE-2004-1027 | 3 Arjsoftware, Debian, Gentoo | 3 Unarj, Debian Linux, Linux | 2024-11-20 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. | |||||
CVE-2004-1026 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2024-11-20 | 10.0 HIGH | N/A |
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | |||||
CVE-2004-1025 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2024-11-20 | 10.0 HIGH | N/A |
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | |||||
CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-11-20 | 7.5 HIGH | N/A |
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2024-11-20 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
CVE-2004-0996 | 4 Cscope, Debian, Gentoo and 1 more | 4 Cscope, Debian Linux, Linux and 1 more | 2024-11-20 | 2.1 LOW | N/A |
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2004-0990 | 5 Gd Graphics Library, Gentoo, Openpkg and 2 more | 5 Gdlib, Linux, Openpkg and 2 more | 2024-11-20 | 10.0 HIGH | N/A |
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. | |||||
CVE-2004-0983 | 4 Gentoo, Mandrakesoft, Ubuntu and 1 more | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | |||||
CVE-2004-0981 | 4 Debian, Gentoo, Imagemagick and 1 more | 4 Debian Linux, Linux, Imagemagick and 1 more | 2024-11-20 | 10.0 HIGH | N/A |
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. | |||||
CVE-2004-0980 | 3 Angus Mackay, Debian, Gentoo | 3 Ez-ipupdate, Debian Linux, Linux | 2024-11-20 | 10.0 HIGH | N/A |
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code. | |||||
CVE-2004-0975 | 3 Gentoo, Mandrakesoft, Openssl | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-11-20 | 2.1 LOW | N/A |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-0972 | 2 Gentoo, Lvm | 2 Linux, Logical Volume Management Utilities | 2024-11-20 | 2.1 LOW | N/A |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-0969 | 3 Gentoo, Gnu, Ubuntu | 3 Linux, Groff, Ubuntu Linux | 2024-11-20 | 2.1 LOW | N/A |
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-0947 | 3 Arj Software Inc., Gentoo, Suse | 3 Unarj, Linux, Suse Linux | 2024-11-20 | 10.0 HIGH | N/A |
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. |