65 matches found
CVE-2002-0083
CVE-2002-0083 is described in the initial document as an off-by-one error in the OpenSSH channel code affecting OpenSSH 2.0–3.0.2 that can allow privilege escalation. The connected F5 advisory (K1648) references CAN-2002-0083 and labels it as an OpenSSH array overflow vulnerability, but does not ...
CVE-2000-0666
CVE-2000-0666 affects the rpc.statd component of the nfs-utils package across various Linux distributions. The vulnerability arises from the rpc.statd daemon failing to cleanse untrusted format strings, with CERT/CC documenting that user-supplied data can be passed to syslog as a format string, e...
CVE-2004-0940
CVE-2004-0940 is a confirmed vulnerability: a buffer overflow in mod_include.get_tag() affects Apache 1.3.x up to 1.3.32, allowing local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. The impact is ...
CVE-2004-1154
Samba vulnerability CVE-2004-1154 affects Samba 2.x and 3.0.x up to 3.0.9. The issue is a heap-based buffer overflow triggered by a Samba request carrying a very large number of security descriptors, leading to remote authentication and potentially code execution via an overflow, with denial of s...
CVE-2004-1019
CVE-2004-1019 affects PHP before 4.3.10 and PHP 5.x up to 5.0.2. Deserialization in unserialize() on untrusted data can lead to remote code execution, denial of service, information disclosure, and triggering results like double-free and negative reference index array underflow. Affected componen...
CVE-2007-0910
CVE-2007-0910 refers to an unspecified vulnerability in PHP prior to 5.2.1 that allows an attacker to clobber certain super-global variables via unspecified vectors. The connected OpenVAS entries corroborate that PHP
CVE-2004-0595
The CVE-2004-0595 issue affects PHP’s strip_tags function in PHP 4.x (up to 4.3.7) and 5.x (up to 5.0.0RC3). The vulnerability arises because null characters (\0) in tag names are not filtered when restricting input to allowed tags, allowing dangerous tags to slip through and be processed by brow...
CVE-2007-0906
CVE-2007-0906: Several buffer overflows in PHP before 5.2.1 allow denial of service and possibly arbitrary code execution via vectors in the session, zip, imap, and sqlite extensions; stream filters; and in functions such as str_replace, mail, ibase_delete_user, ibase_add_user, and ibase_modify_u...
CVE-2007-0909
PHP 5.2.1 and earlier versions are affected by CVE-2007-0909 due to format string vulnerabilities in 64‑bit print functions and odbc_result_all, enabling arbitrary code execution. OpenVAS/Nessus references confirm this is fixed in later PHP releases by backported patches (PHP 5.2.1+). Affected co...
CVE-2004-0941
CVE-2004-0941 concerns the GD Graphics Library (libgd) with multiple buffer overflow vulnerabilities in versions up to 2.0.21 and earlier. The listed issue arises when parsing PNG/image data, where malformed image files trigger overflows during calls to gdMalloc, enabling remote attackers to pote...
CVE-2005-1267
The CVE-2005-1267 issue affects the BGP dissector in tcpdump (v3.x). The vuln arises when bgp_update_print fails to handle a -1 return from decode_prefix4, enabling a remote attacker to trigger a denial-of-service via an infinite loop by sending a crafted BGP packet. The impact is a DoS on affect...
CVE-2004-1011
CVE-2004-1011 describes a stack-based overflow in Cyrus IMAP Server 2.2.4–2.2.8 when the imapmagicplus option is enabled. The overflow occurs in handling long PROXY or LOGIN commands, due to copying the username into a small stack buffer without proper length checks, allowing a remote attacker to...
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-2004-0600
CVE-2004-0600 affects Samba SWAT (the Web Administration Tool) used with Samba 3.0.2–3.0.4. The vulnerability arises from a flaw in HTTP basic authentication base64 decoding, leading to a heap-based buffer overflow that can allow remote code execution or a denial of service. Public references (Sa...
CVE-2004-1012
CVE-2004-1012 affects Cyrus IMAP Server 2.2.6 and earlier. The vulnerability arises in the PARTIAL command argument parsing: a command like body[ p is treated as body.peek, triggering an index increment error and out-of-bounds memory corruption that enables remote authenticated code execution. Co...
CVE-2004-0493
The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...
CVE-2007-0907
CVE-2007-0907 : Buffer underflow in PHP before 5.2.1 can cause a denial of service via the sapi_header_op function. Vulnerable in contexts covered by PHP’s pre-5.2.1 releases; impact is denial of service (availability). Remediation from the referenced advisories/changelogs indicates upgrading to ...
CVE-2004-0421
CVE-2004-0421 is a libpng vulnerability where an out-of-bounds read can occur while copying error-message data, allowing a crash via crafted PNGs in libpng 1.0.x up to and including 1.0.15 (and earlier). The linked Nessus/OpenVAS data notes this issue as a regression referenced in later advisorie...
CVE-2000-0844
The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...
CVE-2004-0803
CVE-2004-0803 affects the libtiff RLE decoders in libtiff 3.6.x and earlier, with buffer overflows and integer overflow issues that could allow a remote attacker to execute arbitrary code by feeding a crafted TIFF file. The connected advisories (RHSA/CESA/CENTA, Slackware/Tenable/NASL entries) in...
CVE-2004-0949
CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-2004-0077
CVE-2004-0077 corresponds to a bounds-checking flaw in the Linux kernel mremap implementation (2.2 to 2.6.2). The issue arises when do_munmap return value is not properly checked after exceeding the maximum VMA descriptors, enabling a local attacker to gain root privileges. Connected advisories c...
CVE-2004-1073
The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...
CVE-2004-0809
CVE-2004-0809 affects the Apache mod_dav WebDAV module in Apache 2.0.50 and earlier, allowing remote attackers to cause a denial of service (child process crash) via a particular sequence of LOCK requests for locations with WebDAV access. Connected documents in OpenVAS/Tenable references corrobor...
CVE-2004-0594
The CVE-2004-0594 issue affects PHP memory_limit in PHP 4.x (up to 4.3.7) and 5.x (up to 5.0.0RC3), particularly when register_globals is enabled. The vulnerability allows a remote attacker to execute arbitrary code by triggering a memory_limit abort during zend_hash_init and overwriting a HashTa...
CVE-2005-3626
CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...
CVE-2004-0883
CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...
CVE-2004-0977
CVE-2004-0977 affects PostgreSQL 7.4.5 and earlier. The vulnerability is in the make_oidjoins_check script, where a symlink attack on temporary files can allow a local user to overwrite files. One connected reference notes an attack could overwrite arbitrary files with the credentials of the user...
CVE-2007-0905
CVE-2007-0905 is described by Red Hat as a PHP vulnerability where PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. The description notes this may be a duplicate of CVE-2006-6383. The issue affects PHP prior to 5...
CVE-2004-1072
CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...
CVE-2001-0169
CVE-2001-0169 : The GNU C Library (glibc) fails to verify that libraries loaded via LD_PRELOAD into SUID/SGID processes are also non-SUID/non-SGID when they come from /etc/ld.so.cache, enabling a local user to pre-load a library from /lib or /usr/lib and overwrite privileged files. Documented in ...
CVE-2004-0886
CVE-2004-0886 is a libtiff integer overflow issue (v3.6.1 and earlier) that allows a remote attacker to crash or memory-corrupt a target via crafted TIFF images, due to incorrect malloc calls. Multiple advisories (RH/RHSA, CentOS, Slackware, Mandrake) note libtiff-related fixes; updates/patches e...
CVE-2004-1070
Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2004-0497
CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...
CVE-2005-0156
The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...
CVE-2005-0001
CVE-2005-0001 describes a race condition in the Linux kernel page fault handler (fault.c) that affects multiprocessor systems. Affected kernel lines include 2.2.x to 2.2.7, 2.4 up to 2.4.29, and 2.6 up to 2.6.10. The vulnerability enables local attackers to execute arbitrary code by exploiting co...
CVE-2005-0988
CVE-2005-0988 describes a race condition in gzip prior to 1.3.5 that affects permission handling during decompression. Specifically, when decompressing a file, a local attacker could exploit a hard-link or timing issue to change the permissions of an arbitrary file (or overwrite it) in the target...
CVE-2004-0990
CVE-2004-0990 describes an integer overflow in the GD Graphics Library (libgd) 2.0.28 (and possibly earlier/other versions) that can be triggered by PNG image files with large image row values. This leads to a heap-based buffer overflow in gdImageCreateFromPngCtx, enabling remote denial of servic...
CVE-2004-0565
CVE-2004-0565 affects Linux 2.4.x kernel code where the MFH bit is checked without verifying the FPH owner in the context switch path. This enables local attackers to read register values of other processes, exposing partial confidentiality. The vulnerability description explicitly states the iss...
CVE-2004-0685
The CVE-2004-0685 issue affects Linux kernel 2.4 USB drivers that use copy_to_user on uninitialized structures, enabling local attackers to read memory not cleared from prior usage and potentially leak sensitive information. The description specifies local/partial impacts on confidentiality and i...
CVE-2004-0957
CVE-2004-0957 affects MySQL up to version 3.23.58 and earlier. A local user with privileges on a database whose name contains an underscore could grant privileges to other databases with similar names, enabling unauthorized activities. Connected advisories (e.g., SLES9, Ubuntu USN-32-1) show this...
CVE-2004-1051
Technical details about CVE-2004-1051 are not publicly available in the provided documents. Monitor for updates as new information may be published.
CVE-2004-0918
CVE-2004-0918: Squid’s SNMP parser (asn_parse_header in asn1.c) before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) by sending SNMP packets with negative length fields that trigger a memory allocation error. The issue yields a partial availability impact and i...
CVE-2004-1304
CVE-2004-1304 affects the file utility; a stack-based buffer overflow in the ELF header parsing code (in file before 4.12) could allow arbitrary code execution when processing a crafted ELF file. Impact: arbitrary code execution with full privileges as described in the vulnerability entry. Remedi...
CVE-2005-0384
CVE-2005-0384 : Unknown vulnerability in the Linux kernel 2.6.8.1 PPP driver that allows a remote attacker using a pppd client to cause a kernel crash (denial of service). Public references include Red Hat advisories and Debian/Ubuntu advisories; no specific fix version is provided in the supplie...
CVE-2004-1013
CVE-2004-1013 affects Cyrus IMAP Server 2.2.x–2.2.8. The argument parser for FETCH can be exploited by remote authenticated users through commands such as body[p or binary[p, triggering an index increment error that causes out-of-bounds memory corruption and allows arbitrary code execution. The v...
CVE-2004-0989
CVE-2004-0989 affects libxml versions prior to 2.6.14. Multiple remote-buffer overflow flaws in FTP/HTTP URL handling and DNS processing could allow arbitrary code execution. Root causes include overflows in xmlNanoFTPScanURL, xmlNanoFTPScanProxy, and DNS length handling (xmlNanoFTPConnect, xmlNa...
CVE-2004-1065
CVE-2004-1065 describes a buffer overflow in PHP’s exif_read_data function, permitting remote code execution via a long section name in an image. Affected are PHP versions before 4.3.10 and PHP 5.x up to 5.0.2. The vulnerability enables an attacker to run arbitrary code on the affected server, wi...
CVE-2004-1071
The CVE-2004-1071 issue affects the Linux kernel’s binfmt_elf loader (binfmt_elf.c) in kernels 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8. A failed mmap is not handled correctly, leading to an incorrectly mapped image and potential local code execution by unauthorized users. The connected SUSE advi...