Lucene search
K

87 matches found

CVE
CVE
added 2008/02/29 2:0 a.m.70 views

CVE-2008-1078

CVE-2008-1078 affects the expn component of am-utils (and related net-fs usage) on Gentoo, rPath Linux, and other distros. The issue is an insecure temporary-file handling in expn that allows a local user to perform a symlink attack on expn[PID], enabling overwriting of arbitrary files. This vuln...

7.2CVSS6AI score0.00514EPSS
CVE
CVE
added 2014/07/29 2:0 p.m.70 views

CVE-2014-4909

Transmission before 2.84 is affected by an integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c, leading to an out-of-bounds write that can cause denial of service and potentially allow code execution via a crafted peer message. Affected product/version: Transmission prio...

6.8CVSS7.7AI score0.05406EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.69 views

CVE-2004-0933

CVE-2004-0933 affects Computer Associates CA InoculateIT 6.0, eTrust Antivirus (r6.0–r7.1), eTrust Antivirus for the Gateway (r7.0–r7.1), eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor (2.0–2.4), and EZ-Antivirus (6.1–6.3). The issue is a ZIP header handling flaw that lets re...

7.5CVSS6.4AI score0.20691EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.69 views

CVE-2004-0937

CVE-2004-0937 affects Sophos Anti-Virus prior to 3.87.0 and Sophos Anti-Virus for Windows 95/98/Me prior to 3.88.0. The issue allows remote attackers to bypass antivirus protection by delivering a ZIP archive whose local and global headers are set to zero, yet the archive can still be opened on t...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.69 views

CVE-2004-0969

Technical details for CVE-2004-0969 are not publicly provided in the supplied connected documents. The materials reference the vulnerability generally (symlink attack in groff), but do not contain product/version/impact/fix specifics. Monitor for updates.

2.1CVSS8.6AI score0.00377EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.68 views

CVE-2004-0932

The CVE-2004-0932 issue affects McAfee Anti-Virus Engine DATS drivers before 4398 (and the DATS Driver before 4397). A crafted ZIP archive with both local and global headers set to zero can bypass antivirus protection and still be opened on the target system. This is a remote-exploitation-style b...

7.5CVSS6.3AI score0.65764EPSS
CVE
CVE
added 2004/11/16 5:0 a.m.68 views

CVE-2004-1027

CVE-2004-1027 describes a directory traversal vulnerability in unarj, exploited via the -x (extract) option to create/write files outside the archive directory when filenames include “..”. The impact documented across connected sources includes potential overwriting of arbitrary files and, in com...

5CVSS6.5AI score0.02737EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.68 views

CVE-2004-1090

CVE-2004-1090 affects Midnight Commander (mc) up to version 4.5.55, where a remote attacker could trigger a denial of service via a corrupt section header. Multiple issuances (RHSA, DSA, CentOS advisories, Debian) indicate mc updates were released to fix this and related issues (e.g., upgraded to...

5CVSS6.3AI score0.0167EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.67 views

CVE-2004-1491

CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...

5CVSS7.5AI score0.12559EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.66 views

CVE-2004-0934

CVE-2004-0934 affects Kaspersky antivirus engines 3.x through 4.x. The connected material shows a ZIP archive header manipulation vulnerability where both the local and global headers can be set to zero, allowing the compressed file to be opened while bypassing protection. A PoC exists in ZIP han...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.66 views

CVE-2004-1092

CVE-2004-1092 affects Midnight Commander (mc) 4.5.55 and earlier. The issue allows remote Denial-of-Service by causing mc to free unallocated memory (root cause: improper memory handling). The connected sources indicate a fix in Midnight Commander 4.6.0. Remediation: upgrade to MC 4.6.0 or newer ...

5CVSS6.3AI score0.0167EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.66 views

CVE-2004-1096

Archive::Zip (Perl) before 1.14 is affected; antivirus tools like amavisd-new can bypass protection by processing a ZIP with both local and global headers zeroed. The description notes the issue but does not specify fixed versions or patches in the provided sources. No exploitation details are gi...

7.5CVSS6.3AI score0.17441EPSS
CVE
CVE
added 2006/06/13 10:0 a.m.66 views

CVE-2006-3005

CVE-2006-3005 affects Gentoo Linux’s media-libs/jpeg prior to version 6b-r7, where the JPEG library is built without the -maxmem feature. This could allow a context-dependent attacker to cause a denial of service (memory exhaustion) by sending a crafted JPEG file that exceeds memory limits. Publi...

5CVSS8.9AI score0.01899EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.65 views

CVE-2004-1116

CVE-2004-1116 affects Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier, where init scripts run user-owned binaries with root privileges. This enables local privilege escalation if a user can modify the programs, as described in NVD, CVE listings, and Gentoo GLSA 200411-26. The OpenVA...

7.2CVSS6.7AI score0.00384EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.65 views

CVE-2004-1175

CVE-2004-1175 affects Midnight Commander (mc); the fish protocol handler allows remote code execution via insecure filename quoting, potentially with shell metacharacters. Public advisories (e.g., Debian DSA-639-1, Red Hat RHSA-2005:512, CentOS advisory) describe the issue and list the affected M...

7.5CVSS7.2AI score0.01625EPSS
CVE
CVE
added 2008/03/18 10:0 p.m.65 views

CVE-2008-1383

CVE-2008-1383 describes a local-privilege disclosure in Gentoo’s ssl-cert.eclass: the docert() function, when invoked during src_compile/src_install, can cause the generated SSL private key to be stored inside pre-built binary packages (binpkgs). This allows a local user to extract the key from b...

1.9CVSS6AI score0.00212EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.64 views

CVE-2004-0633

The CVE-2004-0633 issue affects Ethereal’s iSNS dissector (versions 0.10.3–0.10.4). A remote, unauthenticated attacker could cause a crash or potentially execute code by sending malformed iSNS packets, per included reports. Impact is a denial of service (partial availability) and possible code ex...

5CVSS6.3AI score0.17961EPSS
CVE
CVE
added 2007/03/19 10:0 p.m.64 views

CVE-2007-1500

CVE-2007-1500 affects the Linux Security Auditing Tool (LSAT). The vulnerability arises from insecure temporary file handling: LSAT creates temporary files in /tmp with a predictable name, enabling a local attacker to exploit a symlink attack to overwrite arbitrary files with the caller’s privile...

4.3CVSS6.2AI score0.00324EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.63 views

CVE-2004-1091

CVE-2004-1091 affects Midnight Commander (mc) up to version 4.5.55 and earlier, where a remote user can cause a denial of service by triggering a null pointer dereference. The issue is listed among multiple MC vulnerabilities (with related CVEs) and is discussed in various advisories and vulnerab...

5CVSS6.2AI score0.0167EPSS
CVE
CVE
added 2013/10/28 10:0 p.m.63 views

CVE-2010-1159

CVE-2010-1159 affects Aircrack-ng prior to 1.1, with multiple heap-based buffer overflows in EAPOL packet processing. The vulnerability allows remote attackers to trigger a crash (DoS) and may enable arbitrary code execution via (1) a large length value in an EAPOL packet or (2) a long EAPOL pack...

6.8CVSS7.8AI score0.07263EPSS
CVE
CVE
added 2013/11/15 6:16 p.m.63 views

CVE-2013-2032

MediaWiki prior to 1.19.6 and prior to 1.20.5 is vulnerable to bypassing extension-enforced password-change restrictions. The issue arises because the system does not require both Special:PasswordReset and Special:ChangePassword blocks when an extension implements only one, allowing remote attack...

5CVSS7.5AI score0.0251EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.62 views

CVE-2004-1033

CVE-2004-1033 concerns Fcron versions 2.0.1, 2.9.4 (and possibly earlier) leaking file descriptors for open files, enabling a local user to bypass access restrictions and read the files fcron.allow and fcron.deny via the EDITOR environment variable. The available connected documents confirm the a...

2.1CVSS6AI score0.00364EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.62 views

CVE-2004-1117

CVE-2004-1117 affects ChessBrain: init scripts in ChessBrain 20407 and earlier run user-owned binaries with root privileges, enabling local privilege escalation by modifying those programs. Connected advisories (Gentoo GLSA 200411-26) advise upgrading to the latest packages (e.g., chessbrain >...

7.2CVSS6.7AI score0.00384EPSS
CVE
CVE
added 2004/07/06 4:0 a.m.61 views

CVE-2004-0626

The CVE-2004-0626 issue affects the Linux kernel 2.6 netfilter subsystem when using iptables with TCP options. Affected code path is tcp_find_option; a large option length can produce a negative value after casting to char, causing an infinite loop that consumes CPU and leads to remote DoS. This ...

5CVSS6.2AI score0.02761EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.61 views

CVE-2004-1030

CVE-2004-1030 : In Fcron, the fcronsighup utility (versions including 2.0.1 and 2.9.4; possibly earlier) can be used by a local user to disclose sensitive information by invoking fcronsighup with an arbitrary file, causing contents of that file to be revealed in error messages. This is an informa...

2.1CVSS6AI score0.00364EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.60 views

CVE-2004-1009

Summary (CVE-2004-1009) Midnight Commander (mc) versions up to 4.5.55 are affected. The vulnerability allows a remote attacker to trigger a denial of service (infinite loop) via unknown attack vectors. Public sources in the connected documents tie this CVE to multiple advisories (e.g., RHSA-2005:...

5CVSS6.2AI score0.02547EPSS
CVE
CVE
added 2004/11/16 5:0 a.m.60 views

CVE-2004-1034

CVE-2004-1034 describes a buffer overflow in Kaffeine (before 0.5) whose code is also used in gxine (before 0.3.3) triggered by a long Content-Type header for a Real Audio .ram playlist. The overflow occurs in the http_open function and can cause a denial of service (application crash) and potent...

10CVSS7.9AI score0.05693EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.58 views

CVE-2004-1115

The CVE-2004-1115 entry corresponds to a real vulnerability in SETI project 3.08-r3 and earlier where init scripts execute user-owned programs with root privileges, enabling local privilege escalation by modifying those programs. Connected sources provide concrete details: Gentoo GLSA 200411-26 n...

7.2CVSS6.7AI score0.00397EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.57 views

CVE-2004-1093

CVE-2004-1093 affects Midnight Commander (mc) up to version 4.5.55. The issue is a memory-management vulnerability (use-after-free) that can cause a denial of service when a vulnerable file/operation triggers freeing of memory that is subsequently used. Public references in the provided documents...

5CVSS6.3AI score0.0167EPSS
CVE
CVE
added 2006/01/04 12:0 a.m.56 views

CVE-2006-0071

Pinentry on Gentoo is affected by CVE-2006-0071: the pinentry ebuild before 0.7.2-r2 sets the sgid bit on pinentry binaries, allowing local users to read or overwrite files with gid 0. Affected packages include pinentry, pinentry-curses, pinentry-gtk, and pinentry-gtk. Remediation: upgrade to pin...

6.6CVSS6.2AI score0.00389EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.55 views

CVE-2004-1162

CVE-2004-1162 affects the scponly package (before 4.0) where the unison command does not properly restrict which programs can be run. This can allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the -rshcmd or -sshcmd flags. Documented impact...

7.5CVSS6.9AI score0.0193EPSS
CVE
CVE
added 2005/02/19 5:0 a.m.55 views

CVE-2005-0470

The CVE-2005-0470 issue affects wpa_supplicant prior to 0.2.7, where a buffer overflow in handling EAPOL-Key frames can cause a denial of service (segmentation fault) via remote attacker-supplied data. Affected component is the wpa_supplicant software; root cause is improper validation/handling o...

5CVSS6.8AI score0.02697EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.54 views

CVE-2004-1032

CVE-2004-1032 affects Fcron (notably versions 2.0.1, 2.9.4, and possibly earlier). The issue lies in fcronsighup: when a target filename has a large number of leading slashes, Fcron does not correctly append fcrontab.sig, allowing a local user to delete arbitrary files or create arbitrary empty f...

2.1CVSS6.2AI score0.00362EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.54 views

CVE-2004-1336

The CVE-2004-1336 issue affects tetex-bin 2.0.2, where the xdvizilla script creates temporary files with predictable filenames, enabling a local user to overwrite arbitrary files via a symlink attack. The vulnerability is described consistently across CVE, NVD, and CVE List entries. The available...

2.1CVSS6.3AI score0.00362EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.50 views

CVE-2004-1031

CVE-2004-1031 affects Fcron (notably 2.0.1 and 2.9.4) and potentially earlier versions. The issue allows a local user to bypass access restrictions and load an arbitrary fcron configuration file by starting a setuid process and pointing the fcronsighup configuration file at a /proc entry owned by...

7.2CVSS6.2AI score0.00369EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.50 views

CVE-2004-1107

CVE-2004-1107 affects Portage (dispatch-conf) on Gentoo prior to version 2.0.51-r3, where dispatch-conf and Gentoolkit’s qpkg use predictable temporary file names. A local attacker can exploit a symlink to overwrite arbitrary files, with the overwrite occurring under the invoking user’s privilege...

2.1CVSS6.3AI score0.00342EPSS
CVE
CVE
added 2005/02/24 5:0 a.m.48 views

CVE-2005-0535

MediaWiki is affected by a CSRF vulnerability (CVE-2005-0535) in 1.3.x prior to 1.3.11 and 1.4 beta prior to 1.4 RC1, allowing remote attackers to perform actions as authenticated users. The issue is documented across multiple sources (NVD entry, Gentoo GLSA-200502-33, and related advisories), wi...

7.5CVSS6.6AI score0.01625EPSS
Total number of security vulnerabilities87