Search Results (Refine Search)
- CPE Product Version: cpe:/o:debian:debian_linux:3.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2004-0564 |
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings. Published: December 23, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0833 |
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. Published: December 23, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1139 |
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). Published: December 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1142 |
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. Published: December 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1145 |
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. Published: December 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1581 |
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. Published: December 06, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0451 |
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. Published: December 06, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0455 |
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql. Published: December 06, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2004-0456 |
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. Published: December 06, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2004-0835 |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0836 |
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0837 |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. Published: November 03, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2004-0772 |
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. Published: October 20, 2004; 12:00:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2004-0458 |
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2004-0642 |
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0643 |
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2004-0689 |
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.1: 7.1 HIGH V2.0: 4.6 MEDIUM |
CVE-2004-0809 |
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. Published: September 16, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0522 |
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0579 |
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |