229 matches found
CVE-2018-20346
CVE-2018-20346 affects SQLite when the FTS3 extension is enabled. SQLite before 3.25.3 exhibits an integer overflow (and resulting buffer overflow) for FTS3 queries after crafted changes to FTS3 shadow tables, enabling remote attackers to execute arbitrary SQL statements and potentially take cont...
CVE-1999-0502
CVE-1999-0502 describes Unix accounts with default, null, blank or missing passwords. The documented impact is partial confidentiality, integrity, and availability compromise (authentication is none, allowing network access). CVSS base score 7.5 (HIGH) with network attack vector and low complexit...
CVE-2002-0083
CVE-2002-0083 is described in the initial document as an off-by-one error in the OpenSSH channel code affecting OpenSSH 2.0–3.0.2 that can allow privilege escalation. The connected F5 advisory (K1648) references CAN-2002-0083 and labels it as an OpenSSH array overflow vulnerability, but does not ...
CVE-2023-5981
CVE-2023-5981 affects GnuTLS via a timing side channel in the RSA-PSK ClientKeyExchange, potentially leaking data. Connected docs show affected gnutls versions before 3.7.11-1 (CBLMARINER: CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1) and note CVE-2024-0553 as an incomplete re...
CVE-2000-0666
CVE-2000-0666 affects the rpc.statd component of the nfs-utils package across various Linux distributions. The vulnerability arises from the rpc.statd daemon failing to cleanse untrusted format strings, with CERT/CC documenting that user-supplied data can be passed to syslog as a format string, e...
CVE-1999-0002
CVE-1999-0002 is a buffer overflow in the NFS mountd service that can give remote root access on Linux-like systems. The core description across sources confirms a remote-executable overflow in mountd, potentially enabling privilege elevation without an account. Public references describe related...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled is affected by CVE-2001-1013. The vulnerability arises because the web server generates different error codes depending on whether a username exists and a public_html directory is present, versus when the username does not exist. This beh...
CVE-2018-17962
CVE-2018-17962 is a QEMU vulnerability: a buffer overflow in pcnet_receive() in hw/net/pcnet.c caused by an incorrect integer data type. The Initial Description confirms the flaw; connected Nessus advisories reference this CVE among other QEMU issues. The provided documents do not include the fix...
CVE-1999-0368
The CVE-1999-0368 issue involves buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD that can lead to remote root access (palmetto). Red Hat’s entry reiterates the same vulnerability. Nessus plugin 10318 (WU-FTPD Multiple Vulnerabilities) and 10318’s description cite the overflow as enabling...
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2016-3699
CVE-2016-3699 affects the Linux kernel as used in Red Hat Enterprise Linux 7.2 and Red Hat MRG 2 when booted with UEFI Secure Boot. The issue allows local attackers to bypass Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. The connected documents corrob...
CVE-2001-0872
Technical details for CVE-2001-0872 are not provided in the connected documents. The initial description notes OpenSSH 3.0.1 with UseLogin and LD_PRELOAD cleansing issue. Monitor for updates.
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-1235
CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.4.29-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...
CVE-2005-0750
CVE-2005-0750 affects the Bluetooth driver in the Linux kernel (2.4.6–2.4.30-rc1 and 2.6–2.6.11.5). The bluez_sock_create function fails to validate a negative protocol value, allowing a local user to gain privileges via a crafted socket or socketpair call. Public details appear in multiple advis...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2005-0206
Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.
CVE-2007-1352
The CVE-2007-1352 issue is an integer overflow in the FontFileInitTable function of X.Org libXfont before 20070403. The vulnerability allows remote authenticated users to cause a heap overflow by placing a long first line in the fonts.dir file, potentially enabling arbitrary code execution. Affec...
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-2000-0844
The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...
CVE-2000-0219
Red Hat 6.0 is affected: local root escalation via booting into single-user mode and interrupting at the password prompt. The Nessus entry notes the attacker with physical access can gain root via LILO/GRUB boot menus. Remediation guidance in the provided docs is limited; consider disabling or pr...
CVE-2005-3626
CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...
CVE-2002-2185
The CVE-2002-2185 issue concerns a flaw in IGMP processing in the Linux kernel that could let a local attacker cause a denial of service by sending an IGMP membership report addressed to a target’s Ethernet address rather than the multicast group address. Public advisories (e.g., RHSA-2006:0101 a...
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-1999-0009
Summary of CVE-1999-0009 from connected documents: The issue is an inverse query buffer overflow in BIND releases 4.9 and 8. The Red Hat entry mirrors the description: the vulnerability is an inverse query buffer overflow in BIND 4.9 and 8 releases. Tenable/Nessus references indicate this is a r...
CVE-1999-0010
CVE-1999-0010 describes a Denial of Service vulnerability in BIND 8 releases caused by maliciously formatted DNS messages. Connected docs corroborate the DoS issue and note remediation in HP-UX via patch PHNE_12957 for s700_800 11.00 Bind 4.9.7 components; other records repeat the DoS description...
CVE-1999-0011
CVE-1999-0011 corresponds to Denial of Service vulnerabilities in BIND 4.9 and BIND 8, reported across multiple vendors. Public records indicate DoS via CNAME records and zone transfers. Affected products include BIND 4.9.x and 8.x; the root cause is not detailed in the provided documents beyond ...
CVE-1999-0710
CVE-1999-0710 affects the Squid proxy (publicly accessible cachemgr.cgi) and allows remote attackers to use it as an intermediary to connect to other systems. OpenVAS/Nessus entries corroborate a public-facing cachemgr.cgi risk across Red Hat, Debian, CentOS, and FreeBSD/OpenBSD ecosystems. The R...
CVE-2007-3103
The CVE-2007-3103 issue affects the X.Org X11 xfs font server on Linux, caused by a race in the startup script that handles a temporary file in /tmp/.font-unix. A local user could abuse a symlink to modify file permissions, potentially elevating privileges. Exploitation details are not provided b...
CVE-2003-0248
CVE-2003-0248 affects the Linux kernel 2.4 series; the issue is in the mxcsr code, allowing an attacker to modify CPU state registers via a malformed address. Per available data, the impact is rated as complete confidentiality, integrity, and availability (base CVSS v2 score 10.0). The provided d...
CVE-2001-0169
CVE-2001-0169: The GNU C Library (glibc) fails to verify that libraries loaded via LD_PRELOAD into SUID/SGID processes are also non-SUID/non-SGID when they come from /etc/ld.so.cache, enabling a local user to pre-load a library from /lib or /usr/lib and overwrite privileged files. Documented in ...
CVE-2004-1335
The CVE-2004-1335 entry describes a memory leak in the Linux kernel’s ip_options_get function (pre-2.6.10) that can cause local denial of service via repeated ip_cmsg_send calls. Affected component is the kernel networking stack; impact is partial availability due to memory exhaustion. The vulner...
CVE-2004-0904
CVE-2004-0904: Integer overflow in the BMP decoder can trigger heap-based buffer overflows, enabling remote code execution. Affected products are Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. Remediation is to apply fixes/updates released after the...
CVE-2004-1026
CVE-2004-1026 involves multiple integer overflows in the image handler of the imlib library (versions up to 1.9.14 and earlier) that is used by gkrellm and several window managers. The issue, documented across OpenVAS and Gentoo GLSA entries, is rooted in the image processing code and can be trig...
CVE-1999-0043
CVE-1999-0043 affects the INN daemon (innd) v1.5, where command execution is possible via shell metacharacters in control messages (e.g., "newgroup", "rmgroup"). Documents consistently reference INN 1.5 and shell metachar vulnerabilities; remediation guidance appears as upgrading to 1.6 or later....
CVE-2001-0170
Technical specifics (affected product versions, root cause, mitigations, or exploit details) are not publicly provided in the supplied documents; monitor for updates.
CVE-2003-0247
CVE-2003-0247: Affects the Linux kernel 2.4 series in the TTY layer, enabling a denial-of-service via a kernel oops. Public docs reference Debian/Red Hat advisories and OpenVAS entries noting missing updates to kernel patches (e.g., 2.4.18-powerpc, 2.4.17-mips) as remediation. The connected docs ...
CVE-2003-0434
Vulnerability CVE-2003-0434 affects multiple PDF viewers, notably Adobe Acrobat 5.0 and Xpdf 1.01. The issue arises from shell metacharacters in embedded hyperlinks, allowing remote attackers to execute arbitrary commands when a user opens a specially crafted PDF. Impact is described as remote co...
CVE-2002-0062
CVE-2002-0062 is a local privilege-escalation in ncurses 5.0 and the ncurses4 compatibility package, caused by a buffer overflow in routines for moving the physical cursor and scrolling. Debian and Red Hat advisories describe the issue and assign CAN-2002-0062. Affected products include ncurses 5...
CVE-2004-1025
CVE-2004-1025 concerns multiple heap-based buffer overflows in imlib 1.9.14 and earlier, a library used by gkrellm and several window managers. The vulnerability allows remote attackers to crash the application and, per the description, to execute arbitrary code via crafted image files, effective...
CVE-2004-0902
The CVE-2004-0902 entry refers to multiple heap-based buffer overflows in Mozilla Firefox and Mozilla suite components (Firefox before the Preview Release, Mozilla before 1.7.3, Thunderbird before 0.8). The issues allow remote attackers to cause an application crash (DoS) or execute arbitrary cod...
CVE-2000-0508
This CVE concerns rpc.lockd in Red Hat Linux 6.1 and 6.2, where remote attackers can cause a denial of service by sending a malformed request. The available connected documents corroborate the affected component (rpc.lockd) and the impact (remote DoS), but do not provide concrete patch versions o...
CVE-2003-0461
CVE-2003-0461 affects the Linux kernel 2.4.x family. The /proc/tty/driver/serial interface exposes the exact number of characters used in serial links, which could allow local users to infer sensitive information such as password lengths. Public advisories confirm fixes via kernel updates or acce...
CVE-2004-0903
CVE-2004-0903 describes a stack-based buffer overflow in the writeGroup function of nsVCardObj.cpp, affecting Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. An attacker could remotely execute arbitrary code by processing malformed VCard attachments d...
CVE-1999-0405
The CVE-1999-0405 entry concerns a buffer overflow in the lsof utility that allows local users to obtain root privileges. The connected documents corroborate the issue as a buffer overflow in lsof, with references from Red Hat and CVE listings. No detailed vendor/version information, exploit scen...
CVE-2001-0852
CVE-2001-0852 affects TUX HTTP server 2.1.0-2 on Red Hat Linux, allowing a remote attacker to cause a denial of service by sending a long Host header. The related Red Hat advisory RHSA-2001:142 notes a remote DoS fix affecting the TUX web server and indicates the fix is part of updated kernel pac...
CVE-2002-0638
CVE-2002-0638 concerns the util-linux package’s login utilities (notably setpwnam.c used by chfn/chsh). The advisory describes a race condition caused by inadequate locking of a temporary file used when modifying /etc/passwd, enabling a local attacker to escalate privileges. The issue affects Red...
CVE-2003-0552
Summary: CVE-2003-0552 affects the Linux kernel 2.4.x bridge handling, enabling remote attackers to spoof the bridge forwarding table by sending forged packets whose source addresses match the target. The vulnerability is described in multiple advisories (e.g., Debian DSA-423-1 and RHSA-2003:239)...
CVE-1999-0390
CVE-1999-0390 describes a buffer overflow in the Dosemu Slang library for Linux. The set of connected records attributes a local, low-complexity vulnerability with no authentication requirement, potentially impacting confidentiality, integrity, and availability (per NVD metrics). The available do...
CVE-2000-1134
CVE-2000-1134 concerns multiple shells (tcsh, csh, sh, bash) that follow symlinks when processing here-documents (<