Linux@1.4 Security Vulnerabilities and Issues — Linux@1.4 CVE List

Lucene search

GentooLinux1.4

17 matches found

CVE•added 2005/01/27 5:0 a.m.•69 views

CVE-2004-0881

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.

2.1CVSS6AI score0.00071EPSS

CVE•added 2005/01/27 5:0 a.m.•67 views

CVE-2004-0891

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer...

10CVSS8AI score0.05439EPSS

CVE•added 2005/05/02 4:0 a.m.•63 views

CVE-2005-0005

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

7.5CVSS7.8AI score0.03499EPSS

CVE•added 2005/01/27 5:0 a.m.•55 views

CVE-2004-0935

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

7.5CVSS6.4AI score0.132EPSS

CVE•added 2005/01/10 5:0 a.m.•54 views

CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

7.5CVSS6.3AI score0.20253EPSS

CVE•added 2005/02/13 5:0 a.m.•53 views

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

7.1CVSS7.7AI score0.05947EPSS

CVE•added 2005/02/26 5:0 a.m.•53 views

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5CVSS8.6AI score0.03848EPSS

CVE•added 2005/01/27 5:0 a.m.•52 views

CVE-2004-0933

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection v...

7.5CVSS6.4AI score0.30032EPSS

CVE•added 2005/01/27 5:0 a.m.•52 views

CVE-2004-0936

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

7.5CVSS6.4AI score0.132EPSS

CVE•added 2005/02/09 5:0 a.m.•51 views

CVE-2004-0937

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target syst...

7.5CVSS6.4AI score0.132EPSS

CVE•added 2005/01/27 5:0 a.m.•50 views

CVE-2004-0934

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

7.5CVSS6.4AI score0.14187EPSS

CVE•added 2005/02/13 5:0 a.m.•50 views

CVE-2004-1452

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

7.2CVSS7.2AI score0.00047EPSS

CVE•added 2005/01/27 5:0 a.m.•49 views

CVE-2004-0880

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.

1.2CVSS6AI score0.00079EPSS

CVE•added 2005/01/27 5:0 a.m.•47 views

CVE-2004-0932

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being...

7.5CVSS6.3AI score0.43585EPSS

CVE•added 2005/03/01 5:0 a.m.•47 views

CVE-2004-1055

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the in...

6.8CVSS5.6AI score0.01171EPSS

CVE•added 2005/05/10 4:0 a.m.•41 views

CVE-2004-1901

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

5.5CVSS5.4AI score0.00054EPSS

CVE•added 2005/05/10 4:0 a.m.•40 views

CVE-2004-1983

The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.

2.1CVSS6AI score0.00211EPSS