Lucene search
+L
GentooLinux

136 matches found

CVE
CVE
added 2004/06/11 4:0 a.m.82 views

CVE-2004-0548

CVE-2004-0548 describes multiple stack-based buffer overflows in Aspell’s word-list-compress utility (compress.c) that allow a local user to execute arbitrary code via a long wordlist entry. The overflow is triggered when using the (1) “c” compress option or (2) “d” decompress option, due to lack...

7.2CVSS7.3AI score0.00919EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.82 views

CVE-2004-0972

CVE-2004-0972 concerns the lvmcreate_initrd helper in the Trustix/ lvm package (lvm1) where a temporary-directory creation flaw enables a local attacker to perform a symlink-based overwrite of arbitrary files. The described root cause is insecure handling of temporary files by the script, allowin...

2.1CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.82 views

CVE-2004-0983

Ruby CGI module vulnerability CVE-2004-0983 allows remote denial of service via a crafted HTTP request. Affected are Ruby 1.6 up to 1.6.7 and Ruby 1.8 up to 1.8.1 (i.e., versions before 1.6.8 and before 1.8.2). The issue is described as causing an infinite loop and CPU consumption. Remediation is...

5CVSS6.2AI score0.01898EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.82 views

CVE-2004-1029

The vulnerability CVE-2004-1029 affects Sun Java Plug-in in JRE 1.4.2_01, 1.4.2_04, and possibly earlier versions, where data transfer between JavaScript and Java applets fails to restrict access. The root cause is improper isolation that allows a remote attacker to use reflection to access priva...

9.3CVSS7.3AI score0.17018EPSS
CVE
CVE
added 2005/09/28 4:0 a.m.81 views

CVE-2005-2557

CVE-2005-2557 is a cross-site scripting (XSS) flaw in MantisBT (0.19.0a1 through 1.0.0a3) exploitable via the dir parameter to view_all_set.php (bug#0005959). The available documents confirm the vulnerability class and affected range; no explicit remediation or exploitation details are provided b...

4.3CVSS5.4AI score0.02576EPSS
CVE
CVE
added 2013/11/15 6:16 p.m.81 views

CVE-2013-2031

CVE-2013-2031 affects MediaWiki up to 1.19.6/1.20.x before 1.20.5 and is an XSS through a CDATA SVG UTF-7 sequence misinterpreted as UTF-8. Affected component: MediaWiki core (SVG handling and related sanitization). Impact: cross-site scripting possible in affected installations. Evidence/ground:...

4.3CVSS6.7AI score0.02502EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.80 views

CVE-2004-0947

CVE-2004-0947 is confirmed across connected docs as a vulnerability in the unarj utility. The issue is a buffer overflow when handling long filenames in arj archives, enabling remote code execution. Related advisories additionally describe a directory-traversal weakness in the -x extract option t...

10CVSS7.6AI score0.07369EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.80 views

CVE-2004-1161

The CVE-2004-1161 entry concerns rssh 2.2.2 and earlier, where the program restricting logic fails to properly limit which programs can be run. This could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp...

7.5CVSS6.8AI score0.07327EPSS
CVE
CVE
added 2014/07/29 2:0 p.m.79 views

CVE-2014-4909

Transmission before 2.84 is affected by an integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c, leading to an out-of-bounds write that can cause denial of service and potentially allow code execution via a crafted peer message. Affected product/version: Transmission prio...

6.8CVSS7.7AI score0.05406EPSS
CVE
CVE
added 2004/04/07 4:0 a.m.78 views

CVE-2004-0386

The CVE-2004-0386 vulnerability affects MPlayer 1.0pre3 and earlier (including 0.90 and 0.91) and arises from a buffer overflow in the HTTP parser triggered by a long Location header. Exploitation could allow remote code execution. Multiple connected advisories (SUSE, Gentoo GLSA, OpenVAS/Nessus ...

10CVSS7.7AI score0.2698EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.78 views

CVE-2004-1037

CVE-2004-1037 affects TWiki prior to fix where the search function accepts a user-supplied search string. The vulnerability allows remote attackers to execute arbitrary OS commands by injecting shell metacharacters in the search parameter to the WebSearch script, potentially compromising the TWik...

10CVSS7.3AI score0.61668EPSS
Web
CVE
CVE
added 2004/11/19 5:0 a.m.77 views

CVE-2004-0980

The CVE-2004-0980 entry concerns a format string vulnerability in ez-ipupdate.c affecting ez-ipupdate 3.0.10 through 3.0.11b8. When running in daemon mode with certain service types, a remote attacker could cause arbitrary code execution. The provided documents consistently reference vulnerable v...

10CVSS7AI score0.03818EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.76 views

CVE-2004-0416

The CVE-2004-0416 issue affects CVS servers: a double-free in error_prog_name in CVS 1.12.x (1.12.8 and earlier) and 1.11.x (1.11.16 and earlier) can enable remote attackers to execute arbitrary code via the CVS server. It can also contribute to denial of service in some contexts. Affected deploy...

10CVSS7AI score0.13206EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.76 views

CVE-2004-1004

CVE-2004-1004 affects Midnight Commander (mc) up to version 4.5.55 with multiple format string vulnerabilities. The provided connected advisories confirm that various distros release patches (e.g., SUSE SLES9 patch 5011441, Gentoo GLSA 200502-24, Debian DSA 639-1) to fix these issues. The CVE ent...

7.5CVSS6.5AI score0.01625EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.76 views

CVE-2004-1110

The CVE concerns mtink status monitor for Epson printers; versions prior to 1.0.5 allow local users to overwrite arbitrary files via a symlink attack on the Epson temporary file. Root cause: insecure temporary file handling. Impact: local integrity impact. Mitigation: upgrade to 1.0.5 or later.

2.1CVSS6.2AI score0.00362EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.76 views

CVE-2004-1176

CVE-2004-1176 : A buffer underflow in extfs.c of Midnight Commander (mc) prior to 4.5.56 allows remote attackers to cause a denial of service and possibly execute arbitrary code. Documents consistently describe the issue as a remote vulnerability affecting mc with the buffer underflow in the extf...

7.5CVSS7.1AI score0.03103EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.76 views

CVE-2004-1307

CVE-2004-1307 describes a heap-based buffer overflow in libtiff 3.6.1 triggered by a TIFF file using the STRIPOFFSETS flag with many strips, due to an overflow in TIFFFetchStripThing in tif_dirread.c. The vulnerability could allow remote code execution as a result of processing crafted TIFF files...

7.5CVSS7.7AI score0.0634EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.75 views

CVE-2004-1005

CVE-2004-1005 refers to multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier. The initial description notes remote attackers could trigger these issues with unknown impact, and connected advisories (e.g., Debian DSA 639-1, Gentoo GLSA 200502-24, SuSE OpenVAS entries) indicate t...

7.5CVSS6.5AI score0.01787EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.75 views

CVE-2004-1108

CVE-2004-1108 affects Gentoo: Gentoo Portage (dispatch-conf) and Gentoolkit’s qpkg query tool, with the vulnerable component being temporary file handling. Gentoolkit 0.2.0_pre10 and earlier uses predictable names in the temporary directory, enabling a local attacker to create a symlink to a targ...

2.1CVSS6.3AI score0.00342EPSS
CVE
CVE
added 2005/04/24 4:0 a.m.75 views

CVE-2005-0754

CVE-2005-0754 affects KDE’s Kommander: KDE 3.2–3.4.0 allows remote attackers to cause arbitrary code execution by Kommander executing data files without user confirmation. The root cause is untrusted data/file handling by Kommander, enabling remote code execution if a user opens a malicious file....

7.5CVSS7AI score0.0298EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.74 views

CVE-2004-0414

CVE-2004-0414 involves CVS (versions circa 1.12.x and 1.11.x) with insufficient input validation on Entry lines, leading to denial of service, data corruption, or arbitrary code execution. Connected sources confirm related issues (CVE-2004-0416, -0417, -0418) affecting CVS server behavior (Argume...

10CVSS7AI score0.03969EPSS
CVE
CVE
added 2004/09/02 4:0 a.m.74 views

CVE-2004-0500

CVE-2004-0500 is a vulnerability in the MSN protocol plugins of Gaim (object.c and slp.c) where a misused strncpy call allows a remote attacker to trigger a buffer overflow. This can lead to a denial of service and may enable remote code execution. The description specifies the affected product a...

7.5CVSS7.7AI score0.0495EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.74 views

CVE-2004-0634

The CVE-2004-0634 issue affects Ethereal (the SMB dissector) with the SMB SID snooping capability, in versions 0.9.15 through 0.10.4. The root cause is a null dereference triggered by a handle without a policy name in SMB processing, allowing a remote attacker to cause a denial of service (proces...

5CVSS6.1AI score0.05275EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.74 views

CVE-2004-0635

CVE-2004-0635 affects Ethereal 0.8.15–0.10.4, where the SNMP dissector is vulnerable. A remote attacker can trigger a denial of service (process crash) via a malformed or missing community string, causing an out-of-bounds read. The description explicitly ties the issue to the SNMP dissector, the ...

5CVSS6.2AI score0.05275EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.74 views

CVE-2004-0936

CVE-2004-0936 refers to a ZIP header manipulation vulnerability affecting anti-virus engines (notably RAV) where both local and global ZIP headers can be set to zero, allowing a compressed file to bypass protection and still be opened. The connected sources describe a proof-of-concept and public ...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2008/02/29 2:0 a.m.73 views

CVE-2008-1078

CVE-2008-1078 affects the expn component of am-utils (and related net-fs usage) on Gentoo, rPath Linux, and other distros. The issue is an insecure temporary-file handling in expn that allows a local user to perform a symlink attack on expn[PID], enabling overwriting of arbitrary files. This vuln...

7.2CVSS6AI score0.00514EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.72 views

CVE-2004-0937

CVE-2004-0937 affects Sophos Anti-Virus prior to 3.87.0 and Sophos Anti-Virus for Windows 95/98/Me prior to 3.88.0. The issue allows remote attackers to bypass antivirus protection by delivering a ZIP archive whose local and global headers are set to zero, yet the archive can still be opened on t...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.72 views

CVE-2004-1471

CVE-2004-1471 affects CVS: formats-string vulnerability in wrapper.c remote-code path exploited by wrappers, with CVSROOT commit access allowing DoS (crash) and potential code execution. Affected ranges are CVS 1.12.x up to 1.12.8 and 1.11.x up to 1.11.16. OpenVAS/Nessus entries corroborate multi...

7.1CVSS7.7AI score0.07722EPSS
CVE
CVE
added 2005/04/16 4:0 a.m.72 views

CVE-2005-1121

CVE-2005-1121 affects Oops! Proxy Server up to version 1.5.23. A format string vulnerability in the my_xlog function (lib.c), triggered via the passwd_mysql and passwd_pgsql authentication modules, may allow an attacker to execute arbitrary code remotely by crafting a URL. The CVSS v2 base score ...

5CVSS7.1AI score0.02298EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.71 views

CVE-2004-0417

CVS-2004-0417 involves an Integer overflow in the Max-dotdot command (serve_max_dotdot) affecting CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue can let remote attackers crash the CVS server, potentially leaving undeleted data and consuming disk space (DoS). Publicly available fi...

5CVSS6.5AI score0.03069EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.71 views

CVE-2004-0432

ProFTPD 1.2.9 contains a logic issue where CIDR-based ACL directives in Allow and Deny are treated as if they were AllowAll, effectively bypassing access restrictions. This vulnerability allows FTP clients to bypass intended controls and potentially access or modify files that should be restricte...

7.5CVSS6.4AI score0.09197EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.71 views

CVE-2004-0746

CVE-2004-0746 affects Konqueror in KDE 3.2.3 and earlier. The issue allows a remote attacker to cause a web site to set cookies for country-specific top‑level domains (for example .ltd.uk, .plc.uk, .firm.in), enabling a session fixation attack and potential HTTP session hijacking. Connected docum...

7.5CVSS6.7AI score0.0189EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.71 views

CVE-2004-0933

CVE-2004-0933 affects Computer Associates CA InoculateIT 6.0, eTrust Antivirus (r6.0–r7.1), eTrust Antivirus for the Gateway (r7.0–r7.1), eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor (2.0–2.4), and EZ-Antivirus (6.1–6.3). The issue is a ZIP header handling flaw that lets re...

7.5CVSS6.4AI score0.20691EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.71 views

CVE-2004-1174

The CVE-2004-1174 vulnerability affects Midnight Commander (mc) up to and including version 4.5.55, in which direntry.c contains the flaw that allows a denial of service via manipulating non-existing file handles. The description clearly states this is a denial of service condition caused by the ...

5CVSS6.1AI score0.0143EPSS
CVE
CVE
added 2005/03/07 5:0 a.m.71 views

CVE-2005-0667

CVE-2005-0667 is a buffer‑overflow in Sylpheed’s header processing when replying to messages that contain non‑ASCII headers. Affected are Sylpheed before 1.0.3 and other versions before 1.9.5; successful exploitation can allow remote code execution with the user’s privileges. Several connected ad...

5.1CVSS7.6AI score0.03246EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.70 views

CVE-2004-0232

Midnight Commander (mc) is affected by CVE-2004-0232: multiple format string vulnerabilities in versions before 4.6.0 that can cause a denial of service or arbitrary code execution. Exploitation details are not provided in the documents; remediation per description is to upgrade to 4.6.0 or newer.

5CVSS7.1AI score0.02945EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.70 views

CVE-2004-0419

CVE-2004-0419 concerns the XFree86/XDM issue where XDM opens a chooserFd TCP socket even when the parameter DisplayManager.requestPort is 0. Affected software is XFree86/XDM (notably in Red Hat Enterprise Linux 3 and Gentoo/Gentoo GLSA advisories), with Red Hat RHSA-2004:478 describing backported...

7.5CVSS6.2AI score0.02477EPSS
CVE
CVE
added 2004/11/16 5:0 a.m.70 views

CVE-2004-1027

CVE-2004-1027 describes a directory traversal vulnerability in unarj, exploited via the -x (extract) option to create/write files outside the archive directory when filenames include “..”. The impact documented across connected sources includes potential overwriting of arbitrary files and, in com...

5CVSS6.5AI score0.02737EPSS
CVE
CVE
added 2008/03/18 10:0 p.m.70 views

CVE-2008-1383

CVE-2008-1383 describes a local-privilege disclosure in Gentoo’s ssl-cert.eclass: the docert() function, when invoked during src_compile/src_install, can cause the generated SSL private key to be stored inside pre-built binary packages (binpkgs). This allows a local user to extract the key from b...

1.9CVSS6AI score0.00212EPSS
CVE
CVE
added 2004/07/13 4:0 a.m.69 views

CVE-2004-0649

CVE-2004-0649 describes a buffer overflow in l2tpd's write_packet function (control.c) that could allow a remote attacker to execute arbitrary code. The vulnerability affects older l2tpd versions, with OpenVAS guidance explicitly noting upgrades to 0.69 or later as the remedy. NVD CVSS suggests a...

10CVSS7.4AI score0.05172EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.69 views

CVE-2004-0834

CVE-2004-0834 describes a local;format-string vulnerability in the Speedtouch USB driver prior to version 1.3.1. The flaw affects the driver’s logging calls in modem_run, pppoa2 and pppoa3, allowing a malicious local user to potentially execute arbitrary code with elevated privileges. Affected pr...

7.2CVSS7AI score0.00433EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.69 views

CVE-2004-0932

The CVE-2004-0932 issue affects McAfee Anti-Virus Engine DATS drivers before 4398 (and the DATS Driver before 4397). A crafted ZIP archive with both local and global headers set to zero can bypass antivirus protection and still be opened on the target system. This is a remote-exploitation-style b...

7.5CVSS6.3AI score0.65764EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.69 views

CVE-2004-0969

Technical details for CVE-2004-0969 are not publicly provided in the supplied connected documents. The materials reference the vulnerability generally (symlink attack in groff), but do not contain product/version/impact/fix specifics. Monitor for updates.

2.1CVSS8.6AI score0.00377EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.69 views

CVE-2004-1090

CVE-2004-1090 affects Midnight Commander (mc) up to version 4.5.55, where a remote attacker could trigger a denial of service via a corrupt section header. Multiple issuances (RHSA, DSA, CentOS advisories, Debian) indicate mc updates were released to fix this and related issues (e.g., upgraded to...

5CVSS6.3AI score0.0167EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.69 views

CVE-2004-1092

CVE-2004-1092 affects Midnight Commander (mc) 4.5.55 and earlier. The issue allows remote Denial-of-Service by causing mc to free unallocated memory (root cause: improper memory handling). The connected sources indicate a fix in Midnight Commander 4.6.0. Remediation: upgrade to MC 4.6.0 or newer ...

5CVSS6.3AI score0.0167EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.69 views

CVE-2004-1491

CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...

5CVSS7.5AI score0.12559EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.68 views

CVE-2004-0749

CVE-2004-0749 affects the mod_authz_svn module of Subversion 1.0.7 and earlier, in which access to metadata on unreadable paths is not properly restricted. This can allow remote attackers to disclose metadata via commands such as svn log -v, svn propget, and svn blame (and other commands followin...

5CVSS6.4AI score0.01457EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.68 views

CVE-2004-0934

CVE-2004-0934 affects Kaspersky antivirus engines 3.x through 4.x. The connected material shows a ZIP archive header manipulation vulnerability where both the local and global headers can be set to zero, allowing the compressed file to be opened while bypassing protection. A PoC exists in ZIP han...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.68 views

CVE-2004-1091

CVE-2004-1091 affects Midnight Commander (mc) up to version 4.5.55 and earlier, where a remote user can cause a denial of service by triggering a null pointer dereference. The issue is listed among multiple MC vulnerabilities (with related CVEs) and is discussed in various advisories and vulnerab...

5CVSS6.2AI score0.0167EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.68 views

CVE-2004-1096

Archive::Zip (Perl) before 1.14 is affected; antivirus tools like amavisd-new can bypass protection by processing a ZIP with both local and global headers zeroed. The description notes the issue but does not specify fixed versions or patches in the provided sources. No exploitation details are gi...

7.5CVSS6.3AI score0.17441EPSS
Total number of security vulnerabilities136