Linux Security Vulnerabilities and Issues — Linux CVE List

Lucene search

GentooLinux

12 matches found

CVE•added 2005/02/09 5:0 a.m.•92 views

CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.4AI score0.00077EPSS

CVE•added 2005/02/09 5:0 a.m.•62 views

CVE-2004-0981

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

10CVSS7.3AI score0.07221EPSS

CVE•added 2005/02/09 5:0 a.m.•60 views

CVE-2004-0947

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

10CVSS7.6AI score0.12786EPSS

CVE•added 2005/02/09 5:0 a.m.•60 views

CVE-2004-0972

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.8AI score0.0008EPSS

CVE•added 2005/02/09 5:0 a.m.•56 views

CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

10CVSS7AI score0.01578EPSS

CVE•added 2005/02/17 5:0 a.m.•56 views

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

5CVSS7.5AI score0.2586EPSS

CVE•added 2005/02/13 5:0 a.m.•53 views

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

7.1CVSS7.7AI score0.05947EPSS

CVE•added 2005/02/26 5:0 a.m.•53 views

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5CVSS8.6AI score0.03848EPSS

CVE•added 2005/02/09 5:0 a.m.•51 views

CVE-2004-0937

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target syst...

7.5CVSS6.4AI score0.132EPSS

CVE•added 2005/02/13 5:0 a.m.•50 views

CVE-2004-1452

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

7.2CVSS7.2AI score0.00047EPSS

CVE•added 2005/02/09 5:0 a.m.•48 views

CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS8.6AI score0.00122EPSS

CVE•added 2005/02/24 5:0 a.m.•38 views

CVE-2005-0535

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

7.5CVSS6.6AI score0.00874EPSS