Search Results (Refine Search)
- CPE Product Version: cpe:/o:mandrakesoft:mandrake_linux:10.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2005-3624 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-3625 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-3626 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-1267 |
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. Published: June 10, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0085 |
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. Published: April 27, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2004-1235 |
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2005-0003 |
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-0020 |
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. Published: April 14, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0472 |
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. Published: March 14, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0473 |
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. Published: March 14, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0605 |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. Published: March 02, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0983 |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. Published: March 01, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1051 |
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. Published: March 01, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-0503 |
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. Published: February 21, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2004-0937 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0974 |
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0975 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0977 |
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. Published: February 09, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0932 |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Published: January 27, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0933 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Published: January 27, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |