CVE-1999-0024
CVE-1999-0024 describes a DNS cache-poisoning flaw in BIND caused by predictable DNS query IDs. The connected sources consistently state DNS cache poisoning via BIND, with related discussions in Red Hat/Security advisories and CERT context. The materials do not provide a concrete patch version or...
CVE-1999-0017
CVE-1999-0017 is a documented FTP bounce vulnerability where an FTP server can be abused to connect to arbitrary ports on an attacker-controlled host by exploiting the PORT/PORT-like mechanisms. The core issue is that an FTP server’s data connection handling allows bounce traffic to other hosts (...
CVE-2001-0797
CVE-2001-0797 is a buffer overflow in the System V–derived /bin/login (affecting login/telnetd implementations such as TTYPROMPT) triggered by a large number of arguments, enabling remote arbitrary-command execution. The vulnerability affects various System V based OSes and can be exploited via s...
CVE-2004-1082
CVE-2004-1082 affects Apache 1.3.31 and 1.3.32 on Mac OS X Server. The vulnerability arises in mod_digest_apple where the server does not properly verify the nonce in a client response, allowing remote attackers to replay credentials. The NVD entry (CVSS v2 base score 7.5, HIGH) indicates a netwo...
CVE-1999-0368
The CVE-1999-0368 issue involves buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD that can lead to remote root access (palmetto). Red Hat’s entry reiterates the same vulnerability. Nessus plugin 10318 (WU-FTPD Multiple Vulnerabilities) and 10318’s description cite the overflow as enabling...
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2000-0147
The CVE-2000-0147 issue affects snmpd on SCO OpenServer, where the SNMP community string is writable by default. This enables local attackers to modify the host’s configuration. Connected sources corroborate the default-write vulnerability but do not provide a patch or explicit remediation details.
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-1999-0019
Technical details about CVE-1999-0019 are not publicly available in the provided documents. Monitor for official advisories for affected products, impact, and remediation.
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-2005-0109
Technical details for CVE-2005-0109 are not provided in the supplied documents. The set includes historical references and later OpenSSL advisories, but no specific product, root cause, impact, or fix details here. Monitor for updates.
CVE-2005-3626
CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...
CVE-1999-0011
CVE-1999-0011 corresponds to Denial of Service vulnerabilities in BIND 4.9 and BIND 8, reported across multiple vendors. Public records indicate DoS via CNAME records and zone transfers. Affected products include BIND 4.9.x and 8.x; the root cause is not detailed in the provided documents beyond ...
CVE-1999-0010
CVE-1999-0010 describes a Denial of Service vulnerability in BIND 8 releases caused by maliciously formatted DNS messages. Connected docs corroborate the DoS issue and note remediation in HP-UX via patch PHNE_12957 for s700_800 11.00 Bind 4.9.7 components; other records repeat the DoS description...
CVE-1999-0078
CVE-1999-0078 affects pcnfsd (rpc.pcnfsd). The vulnerability allows local users to change file permissions or execute arbitrary commands via arguments in the RPC call. Practical impact is limited to local-privilege abuse as described in multiple sources, with no public fixes reported in the docum...
CVE-1999-0128
CVE-1999-0128 refers to a historic Ping of Death, where oversized ICMP echo packets can cause a denial of service. The initial entry and connected Red Hat/RedHat advisory records reiterate the same description without listing affected products, versions, root cause details, or exploitable vectors...
CVE-1999-0023
CVE-1999-0023 affects the rdist utility, with the vulnerability located in the lookup() function where a buffer overflow can be exploited by a local user to gain root privileges. Connected documents consistently describe local privilege escalation via rdist’s lookup() overflow, with several advis...
CVE-1999-0131
CVE-1999-0131 affects Sendmail up to version 8.7.5 and earlier, where a vulnerability in the GECOS field processing can cause a buffer overflow and denial of service that may grant root access to local users. Publicly documented by Red Hat and OpenVAS entries, as well as CVE records, the vulnerab...
CVE-2001-1148
CVE-2001-1148: Multiple buffer overflows in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (atcronsh, auditsh, authsh, backupsh, lpsh, sysadm.menu, or termsh); affected software is SCO OpenServer components used by scoadmin/sysadmsh....
CVE-1999-0153
CVE-1999-0153 corresponds to a Windows 95/NT vulnerability (WinNuke) where sending a NetBIOS OOB data packet to the affected host can cause a denial of service. The vulnerability is described across multiple sources (CVE records, Red Hat advisory, NVD/Nessus notes) as an out-of-band data DoS cond...
CVE-2005-2926
CVE-2005-2926 affects SCO OpenServer 5.0.7: stack-based buffer overflow in backupsh and authsh triggered by a crafted HOME environment variable. Local attackers can execute arbitrary code with group backup or auth privileges (authsh could gain root). OpenServer 5.0.7 binaries backupsh/authsh are ...
CVE-1999-0345
CVE-1999-0345 concerns a Jolt ICMP attack that causes denial of service in Windows 95 and Windows NT systems. The vulnerability affects the ICMP handling component (the exact vulnerable subsystem is not explicitly named in the provided documents). Reported impact is denial of service (availabili...
CVE-1999-0893
CVE-1999-0893 relates to SCO OpenServer and involves the userOsa component. The connected PT-1999-1441 entry describes a local vulnerability where an attacker can exploit a symlink race to corrupt files via userOsa. It notes that affected SCO OpenServer versions are not specified and provides no ...
CVE-1999-0129
CVE-1999-0129 affects Sendmail and enables local privilege escalation: authenticated or local users can write to a file and gain group permissions via a ".forward" or ":include:" file. Confirmed in multiple connected documents: OpenVAS notes Sendmail 8.8.x up to 8.8.3 vulnerable to group write/fi...
CVE-1999-1450
Technical details about CVE-1999-1450 are not publicly available in the provided documents. Monitor for updates.
CVE-1999-0851
CVE-1999-0851 affects ISC BIND with a denial-of-service via naptr. Connected sources indicate multiple remote vulnerabilities in BIND and provide a remediation: upgrade to BIND 8.2.2-P5 or 4.9.7-REL. The vulnerability is described as DoS on the named service; no exploit details or vector are prov...
CVE-2004-0510
CVE-2004-0510 affects SCO OpenServer 5.0.6 and 5.0.7 where MMDF contains multiple buffer overflows (notably in execmail) that may allow an attacker to execute arbitrary code. The vulnerability is documented across multiple sources (SCOSA-2004.7 advisory) and CVE mappings CAN-2004-0510/0511/0512. ...
CVE-1999-0096
CVE-1999-0096 concerns Sendmail where the decode alias mechanism can be abused to overwrite sensitive files. The connected documents provide concrete details: the issue arises from a misconfigured decode alias that pipes mail to a program, enabling arbitrary file overwrites on the remote server. ...
CVE-1999-0835
CVE-1999-0835 describes a denial-of-service in BIND named caused by a buffer overflow in the rrextract routine when decoding SIG records. In particular, for T_SIG, the code computes an unsigned length and copies data with a potentially large third argument to memcpy if the computed length is malf...
CVE-2003-0791
CVE-2003-0791 affects Mozilla 1.4 and earlier, where Script.prototype.freeze/thaw can be abused: by altering the string given to script.thaw, input is deserialized and native methods may be executed. The connected records consistently reference Mozilla 1.4 and earlier as vulnerable, with the issu...
CVE-2004-0390
SCO OpenServer 5.0.5–5.0.7 exposes an authentication gap: it supports Xauthority style access control only when logging in via scologin, which can allow an unauthorized user to gain access to an X session through other X login methods. The vulnerability is described in CVE-2004-0390 and has a hig...
CVE-2004-1131
CVE-2004-1131 affects SCO OpenServer 5.0.6 and 5.0.7. The vulnerability involves multiple buffer overflows in the enable command, allowing local users to execute arbitrary code via long command line arguments. These details come from the description of the CVE entry and are corroborated by associ...
CVE-2000-0307
The vulnerability CVE-2000-0307 affects the xserver component in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier. It enables a denial of service that prevents access to reserved port numbers below 1024. Public records do not provide exploit details, additional affected versions beyond the stat...
CVE-2001-0576
The CVE-2001-0576 entry describes a local privilege escalation in SCO OpenServer 5.0–5.0.6 via a buffer overflow in the lpusers helper when processing the -u parameter. The vulnerability allows a local attacker to gain additional privileges. The primary sources here confirm the affected product (...
CVE-2004-1039
The CVE-2004-1039 issue affects SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1 (and possibly other versions) when NFS mountd is run via inetd. The vulnerability arises because inetd spawns a new mountd process for each NFS mount-related request, causing memory exhaustion and potentially a system cra...
CVE-2006-0072
CVE-2006-0072 corresponds to a buffer overflow in SCO OpenServer 5.0.7's termsh component that can be exploited by a remote attacker via a long -o command line argument to execute arbitrary code. The vulnerability is distinct from CVE-2005-0351 and the connected sources reiterate the same affecte...
CVE-1999-0033
CVE-1999-0033: Description indicates command execution on Sun systems caused by a buffer overflow in the at program. Affected software: Sun systems, component: at. Root cause: buffer overflow in at allows arbitrary command execution. Impact: unauthorized command execution with likely complete sy...
CVE-2004-0511
CVE-2004-0511 refers to multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6/5.0.7 (and possibly other OSes) that can cause a denial of service via a null dereference. Connected sources document this as buffer overflows and related MMDF security issues, with CAN-2004-0511 (null dereferenc...
CVE-1999-0476
The CVE-1999-0476 entry concerns SCO TermVision which uses a weak password encryption algorithm. The root cause is weak encryption that allows a local user to easily decrypt passwords stored by TermVision. Impact is limited to confidentiality and integrity of password data, as described in the so...
CVE-2001-1578
CVE-2001-1578 affects SCO OpenServer 5.0.6 and earlier. The vulnerability allows a local attacker to modify critical information, including certain CPU registers and segment descriptors. The available documents do not specify a patch or remediation; no exploit details are provided. Implementation...
CVE-1999-1138
The CVE affects SCO UNIX System V/386 Release 3.2 and other SCO products. Its description states that home directories are created under /tmp (dos user) and /usr/tmp (asg user), which are world-writable, enabling other users to access those accounts. The underlying issue is the use of world-writa...
CVE-2001-0627
The CVE cites SCO OpenServer’s vi (5.0.0–5.0.6) as vulnerable: it creates insecure, world-writable temporary files in /tmp with predictable names, allowing a local attacker to exploit a symlink to overwrite arbitrary files writable by the user. The impact is file integrity loss for targeted files...
CVE-2002-1199
The CVE-2002-1199 issue affects the ypxfrd daemon used for NIS map distribution. The getdbm procedure constructs a path to /var/yp/domain/map without proper validation, allowing directory traversal via the domain and map arguments and enabling a symlink-based override that can expose files outsid...
CVE-2004-0512
CVE-2004-0512 refers to multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6/5.0.7 (and possibly other OSes) that may allow a denial of service via a core dump. The Full-Disclosure SCO advisory SCOSA-2004.7 documents buffer overflows, null dereferences, and core dumps affecting MMDF binar...
CVE-1999-0411
The vulnerability CVE-1999-0411 affects SCO OpenServer Enterprise System v5.0.4p, where startup scripts S84rpcinit, S95nis, S85tcp, and S89nfs are susceptible to a symlink attack that can let a local user gain root access. The root cause is a symlink-attack in the startup scripts, enabling privil...
CVE-1999-0798
CVE-1999-0798: The vulnerability is a buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux caused by a malformed header type. This year‑old CVE is referenced across multiple feeds (NVD, Red Hat, CVE List) with consistent description. Impact described in sources as a buffer overflow affecting...
CVE-1999-1041
CVE-1999-1041 is a local privilege escalation affecting SCO OpenServer 5.0 and SCO UNIX 3.2v4 through a buffer overflow in the mscreen program. The vulnerability can be triggered by processing an excessively long TERM environment variable and by an overly long entry in the .mscreenrc file, enabli...
CVE-2003-0872
The CVE-2003-0872 issue affects OpenServer prior to version 5.0.6. The vulnerability arises from insecure handling of temporary files in several OpenServer scripts, enabling local users to overwrite files via a symlink attack on /tmp and perform other unauthorized activities. According to the CVE...