CAN-2004-0802

Multiple connected entries reference CVE-2004-0802 in imlib2 (notably Debian DSA-552-1 and FreeBSD/OpenVAS entries). The Debian advisory lists CVSS base 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P). Descriptions indicate that a missing update is the issue, but no concrete root-cause, vulnerable versions, or ...

CAN-2004-0851

The CVE refers to Net-Acct and concerns insecure temporary file creation that enables local users to overwrite arbitrary files via a symlink attack on temporary files. Root cause: insecure handling of temporary file creation in Net‑Acct before version 0.71. The issue is local in scope and affects...

CAN-2004-0923

CVE-2004-0923 affects CUPS (Common UNIX Printing System) 1.1.20 and earlier. The vulnerability involves authentication information for a device URI being written to log files (e.g., error_log), which can allow a local user to obtain usernames and passwords when printing via SMB or when authentica...

CAN-2004-0977

CVE-2004-0977 is linked to insecure temporary file handling in the PostgreSQL contrib component (make_oidjoins_check), enabling a symlink/overwrite vulnerability in the script and potentially allowing arbitrary file writes by an attacker. Connected advisories (Ubuntu USN-6-1, Debian DSA-577-1, Ge...

CAN-2004-0911

CVE-2004-0911 is referenced across multiple scanners in connection with the netkit telnet package (netkit-telnet and netkit-telnet-ssl). The connected Nessus/OpenVAS entries identify Debian/Ubuntu/OpenVAS advisories (e.g., DSA-569-1, DSA-556-1/DSA-556-2, and SUSE CVE page) indicating that remote ...

CAN-2004-0982

CVE-2004-0982 is linked to mpg123 and is described in multiple feeds as a heap-based buffer overflow in httpdget.c that allows remote code execution via a long URL, affecting mpg123 before the 0.59s-rll patch. The issue is cited in later entries (e.g., CVE-2006-3355 as an incomplete patch continu...

CAN-2004-0980

CVE-2004-0980 is a format-string vulnerability in ez-ipupdate. The connected documents identify ez-ipupdate as affected, specifically versions 3.0.10 through 3.0.11b8, with exploitation possible when running in daemon mode with certain service types in use, allowing remote execution of arbitrary ...

CAN-2004-0955

CVE-2004-0955 is a reserved CAN entry that corresponds to multiple advisories for the libpng library. The connected documents provide concrete technical details: libpng contains several integer overflows and related vulnerabilities that could allow remote code execution when processing specially ...

CAN-2004-0918

CVE-2004-0918 is a vulnerability in Squid’s SNMP parser. The asn_parse_header function in the SNMP module can be forced to allocate memory incorrectly by SNMP packets with negative or malformed ASN.1 length fields, allowing a remote attacker to cause a denial of service (server restart) and disco...

CAN-2003-0193

CVE-2003-0193 affects catdoc/xlsview; msxlsview.sh in xlsview (catdoc 0.91 and earlier) allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (word$$.html). Debian fixed in 0.91.5-1.woody3/0.91.5-2; other advisories (DSA-575-1) reference the same...

CAN-2004-1006

CVE-2004-1006 is a format-string vulnerability in ISC DHCP’s dhcpd log/error handling (errwarn.c) that may allow remote code execution via crafted DNS messages on vulnerable DHCP servers/relays/clients. Public OpenVAS entries label isc-dhcpd format-string vulnerabilities with CVSS 10.0 (AV:N/AC:L...

CAN-2004-0645

CVE-2004-0645 affects abiword via a vulnerability in the wv library (buffer overflow) that could allow arbitrary code execution. The connected advisories (Debian DSA-579-1, Debian DSA-579-1 variants, and Gentoo/OpenVAS entries) confirm the issue and indicate the vulnerable component as abiword wi...

CAN-2004-0964

CVE-2004-0964 concerns a stack-based buffer overflow in the Zinf Audio Player (formerly freeamp) version 2.2.1. The vulnerability arises from insufficient bounds checking when processing a specially crafted PLS playlist file. A remote attacker could exploit this by convincing a user to open a mal...

CAN-2004-0989

CVE-2004-0989 affects libxml (libxml2) with multiple buffer overflow bugs in FTP URL parsing and DNS-related handling. Public sources in connected documents confirm Vulnerable versions include pre-2.6.14, with cited issues in libxml 2.6.12/2.6.13 and related code paths (FTP URL, FTP proxy URL, DN...

CAN-2004-0623

CVE-2004-0623 is a format-string vulnerability in GNU GNATS 4.00 that can allow remote code execution via specially crafted log data (syslog). Public advisories (Debian DSA-590-1, FreeBSD/Nessus entries, NVD) confirm impact and require updating GNATS to a patched release; exploitation details and...

CAN-2004-0970

CVE-2004-0970 concerns the gzip package: the (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package allow local users to overwrite files via a symlink attack on temporary files. This is a local privilege/overwrite issue, not remote code execution. The vulnerability is tied to the handling...

CAN-2004-0981

CVE-2004-0981 is linked to ImageMagick and is discussed in multiple advisories (Debian DSA 593-1, Gentoo GLSA 200411-11, Ubuntu USN-7-1/USN-10-1, FreeBSD Ports) with CVSS base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). The OpenVAS entries and Gentoo/Ubuntu/Debian advisories describe a vulnerability in Im...

CAN-2004-1052

CVE-2004-1052 affects the BNC IRC bouncing proxy. The issue is a remote buffer‑overflow in the getnickuserhost() function triggered by IRC server responses, allowing arbitrary code execution on the client host that processes the overflowing response. Public sources highlight this as a remote vuln...

CAN-2002-0986

CVE-2002-0986 concerns the PHP mail() function in PHP 4.x up to 4.2.2, which does not filter ASCII control characters from its arguments. This could allow remote attackers to modify mail message content, including headers, and potentially use PHP as a “spam proxy.” The connected documents confirm...

CAN-2003-0902

CVE-2003-0902 affects minimalist mailing list manager (versions 2.4, 2.2 and possibly others) with a remote code execution vulnerability due to unsanitised input. Debian DSAs confirm fixes: upgrade to minimalist 2.4-1 (sid) or 2.2-4 (woody). Other references (NVD/Nessus/OpenVAS) corroborate unkno...