Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0688

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Sep, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:24
Rejected At-
Credits

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Sep, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:24
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/537878
third-party-advisory
x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/27-1/
vendor-advisory
x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/1914
vdb-entry
x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
vendor-advisory
x_refsource_GENTOO
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
vendor-advisory
x_refsource_MANDRAKE
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=109530851323415&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.debian.org/security/2004/dsa-560
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
vdb-entry
signature
x_refsource_OVAL
http://scary.beasts.org/security/CESA-2004-003.txt
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
vendor-advisory
x_refsource_CONECTIVA
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
vendor-advisory
x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/11196
vdb-entry
x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
x_refsource_CONFIRM
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/20235
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://usn.ubuntu.com/27-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.debian.org/security/2004/dsa-560
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/11196
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/20235
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Resource:
vendor-advisory
x_refsource_SUNALERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/537878
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/27-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.vupen.com/english/advisories/2006/1914
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=109530851323415&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.debian.org/security/2004/dsa-560
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://scary.beasts.org/security/CESA-2004-003.txt
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/11196
vdb-entry
x_refsource_BID
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/20235
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://usn.ubuntu.com/27-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-560
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11196
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/20235
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Oct, 2004 | 04:00
Updated At:03 Apr, 2025 | 01:03

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
X.Org Foundation
x.org
>>x11r6>>6.7.0
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.6
cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0
cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.1
cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.2.11
cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.3
cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.0
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.11
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.12
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.0
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.3.0
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.4
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.5
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924cve@mitre.org
N/A
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patchcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=109530851323415&w=2cve@mitre.org
N/A
http://scary.beasts.org/security/CESA-2004-003.txtcve@mitre.org
N/A
http://secunia.com/advisories/20235cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-560cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlcve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/537878cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlcve@mitre.org
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-537.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/11196cve@mitre.org
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2006/1914cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796cve@mitre.org
N/A
https://usn.ubuntu.com/27-1/cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924af854a3a-2127-422b-91ae-364da2661108
N/A
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patchaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=109530851323415&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://scary.beasts.org/security/CESA-2004-003.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/20235af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-560af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/537878af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-537.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11196af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/1914af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/27-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/20235
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-560
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11196
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/27-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/20235
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-560
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/27-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

168Records found
CVE-2003-0028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-56.05% / 98.01%
||
7 Day CHG~0.00%
Published-21 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Action-Not Available
Vendor-crayopenafsn/aMIT (Massachusetts Institute of Technology)IBM CorporationSilicon Graphics, Inc.OpenBSDFreeBSD FoundationGNUSun Microsystems (Oracle Corporation)HP Inc.
Product-glibchp-uxopenbsdaixhp-ux_series_700solarisirixunicoshp-ux_series_800sunosopenafsfreebsdkerberos_5n/a
CVE-2002-0758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.02%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2014-1510
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-75.72% / 98.86%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1532
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.33%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-416
Use After Free
CVE-2014-1692
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.79% / 89.05%
||
7 Day CHG~0.00%
Published-29 Jan, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1514
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.17% / 88.22%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esropensuseenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1511
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-75.96% / 98.87%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2000-0750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 81.46%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Action-Not Available
Vendor-n/aOpenBSDNetBSDRed Hat, Inc.
Product-linuxnetbsdopenbsdn/a
CVE-2014-1485
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseseamonkeyubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2014-1524
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.41% / 90.66%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.63%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Action-Not Available
Vendor-n/aThe MITRE Corporation (Caldera)SUSENetBSDRed Hat, Inc.Debian GNU/Linux
Product-netbsdsuse_linuxdebian_linuxlinuxopenlinuxn/a
CVE-2001-0402
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.36% / 86.84%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Action-Not Available
Vendor-darren_reedn/aOpenBSDFreeBSD Foundation
Product-ipfilteropenbsdfreebsdn/a
CVE-2013-7439
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-2.14% / 83.49%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-debian_linuxlibx11x11ubuntu_linuxn/a
CVE-2008-4247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.84% / 93.09%
||
7 Day CHG~0.00%
Published-25 Sep, 2008 | 19:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Action-Not Available
Vendor-n/aOpenBSDFreeBSD FoundationNetBSD
Product-openbsdfreebsdnetbsdn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5615
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.01% / 82.97%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEFedora ProjectCanonical Ltd.
Product-firefoxseamonkeyfirefox_esrubuntu_linuxopensusefedorasuse_linux_enterprise_serverthunderbirdsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CVE-2013-5616
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.87% / 85.75%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopenterprise_linux_server_ausfedoraseamonkeyfirefox_esropensuseenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-416
Use After Free
CVE-2013-5619
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.68%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEFedora ProjectOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseseamonkeyubuntu_linuxfedoralinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-4480
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG~0.00%
Published-15 Nov, 2013 | 18:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitesatellite_with_embedded_oraclesatellitemanagerlinux_enterprisen/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2013-4547
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-93.60% / 99.83%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Action-Not Available
Vendor-n/aF5, Inc.openSUSESUSE
Product-nginxstudio_onsitelifecycle_management_serverwebyastopensusen/a
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2014-4608
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-8.66% / 92.08%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSECanonical Ltd.
Product-linux_kernelopensuseubuntu_linuxlinux_enterprise_real_time_extensionlinux_enterprise_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-3468
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.66% / 91.51%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverlinux_enterprise_high_availability_extensionenterprise_linux_euslinux_enterprise_desktopdebian_linuxlibtasn1arxvirtualizationlinux_enterprise_software_development_kitgnutlsenterprise_linux_server_ausarx_firmwareenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_servern/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2012-5836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-12182
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 75.40%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-Debian GNU/LinuxX.Org Foundation
Product-debian_linuxxorg-serverxorg-x11-server
CWE ID-CWE-391
Unchecked Error Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0731
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.15%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 20:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNovellSUSE
Product-apparmorlinux_kernelopen_susen/a
CWE ID-CWE-264
Not Available
CVE-2017-12184
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 73.80%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-Debian GNU/LinuxX.Org Foundation
Product-debian_linuxxorg-serverxorg-x11-server
CWE ID-CWE-391
Unchecked Error Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0006
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-29.27% / 96.42%
||
7 Day CHG~0.00%
Published-18 Jan, 2008 | 22:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)X.Org Foundation
Product-solaris_libxfontsolaris_libfontxservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0419
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 85.53%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Action-Not Available
Vendor-xfree86_projectn/aGentoo Foundation, Inc.X.Org Foundation
Product-xdmx11r6linuxn/a
CVE-2007-5197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 84.22%
||
7 Day CHG~0.00%
Published-02 Nov, 2007 | 16:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

Action-Not Available
Vendor-monon/aDebian GNU/LinuxopenSUSESUSE
Product-debian_linuxsuse_united_linuxopensusesuse_linuxmonosuse_linux_openexchange_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.80%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 18:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-310
Not Available
CVE-2007-4990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.79% / 87.61%
||
7 Day CHG~0.00%
Published-05 Oct, 2007 | 21:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-x_font_servern/a
CWE ID-CWE-189
Not Available
CVE-2007-4752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG~0.00%
Published-12 Sep, 2007 | 01:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7944
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.49%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

Action-Not Available
Vendor-n/aFedora ProjectX.Org Foundation
Product-fedoralibxfixesn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-0222
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.49%
||
7 Day CHG~0.00%
Published-04 Nov, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.

Action-Not Available
Vendor-n/aQEMUSUSE
Product-linux_enterprise_serverqemun/a
CVE-2006-5794
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.36% / 86.83%
||
7 Day CHG~0.00%
Published-08 Nov, 2006 | 20:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2013-4365
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.24% / 91.87%
||
7 Day CHG~0.00%
Published-17 Oct, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSESUSEThe Apache Software FoundationDebian GNU/Linux
Product-cloudopensusemod_fcgidhttp_serverdebian_linuxlinux_enterprise_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-3297
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.89% / 89.17%
||
7 Day CHG~0.00%
Published-23 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2005-3298
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.96% / 91.70%
||
7 Day CHG~0.00%
Published-23 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2005-0638
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.39% / 84.39%
||
7 Day CHG~0.00%
Published-04 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Action-Not Available
Vendor-altlinuxxlin/aSUSE
Product-alt_linuxxlisuse_linuxn/a
CVE-2005-0605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.66%
||
7 Day CHG~0.00%
Published-04 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Action-Not Available
Vendor-lesstifxfree86_projectaltlinuxn/aMandriva (Mandrakesoft)X.Org FoundationSilicon Graphics, Inc.SUSERed Hat, Inc.
Product-propackmandrake_linux_corporate_serverenterprise_linux_desktopsuse_linuxx11r6alt_linuxlesstiffedora_coreenterprise_linuxmandrake_linuxn/a
CVE-2005-0639
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.96% / 82.72%
||
7 Day CHG~0.00%
Published-04 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.

Action-Not Available
Vendor-altlinuxxlin/aSUSE
Product-alt_linuxxlisuse_linuxn/a
CVE-2005-0373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.76% / 89.02%
||
7 Day CHG~0.00%
Published-13 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-cyrusconectivaopenpkgn/aRed Hat, Inc.Apple Inc.SUSE
Product-saslmac_os_x_serveropenpkgsuse_linuxsuse_cvsuplinuxfedora_coremac_os_xn/a
CVE-2004-2338
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.81%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2005-0206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.53% / 90.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Action-Not Available
Vendor-easy_software_productsasciicstexxpdfpdftohtmltetexn/aThe GNOME ProjectUbuntuKDEGentoo Foundation, Inc.SUSESilicon Graphics, Inc.Debian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-tetexxpdfubuntu_linuxkdecstetexdebian_linuxlinuxptexlinux_advanced_workstationpropackcupskofficegpdfmandrake_linux_corporate_serverenterprise_linux_desktopsuse_linuxkpdfadvanced_linux_environmentpdftohtmlfedora_coreenterprise_linuxn/a
CVE-2005-0005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.50% / 87.13%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.Debian GNU/LinuxGentoo Foundation, Inc.GraphicsMagickSUSEImageMagick Studio LLC
Product-propackgraphicsmagicksuse_linuxdebian_linuximagemagicklinuxn/a
CVE-2012-1823
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-94.29% / 99.93%
||
7 Day CHG-0.06%
Published-11 May, 2012 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Action-Not Available
Vendor-n/aHP Inc.Fedora ProjectThe PHP GroupSUSEApple Inc.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-storage_for_public_cloudenterprise_linux_eusenterprise_linux_workstationhp-uxmac_os_xopensusegluster_storage_server_for_on-premisestorageapplication_stacklinux_enterprise_serverlinux_enterprise_software_development_kitenterprise_linux_desktopenterprise_linux_server_ausfedoradebian_linuxenterprise_linux_serverphpn/aPHP
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2004-1799
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.81%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2004-1175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.40%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.57%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Action-Not Available
Vendor-roaring_penguinn/aSUSEMandriva (Mandrakesoft)
Product-mimedefangsuse_linuxmandrake_linux_corporate_servermandrake_linuxn/a
CVE-2004-1176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 83.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.60% / 87.31%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Action-Not Available
Vendor-enlightenmentconectivaturbolinuxn/aUbuntuImageMagick Studio LLCSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-imlibubuntu_linuxturbolinux_desktopjava_desktop_systemturbolinux_workstationimagemagicklinuxlinux_advanced_workstationmandrake_linux_corporate_serverturbolinux_serverenterprise_linux_desktopsuse_linuxfedora_coreenterprise_linuximlib2mandrake_linuxn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found