Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0688

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Sep, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:24
Rejected At-
Credits

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Sep, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:24
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/537878
third-party-advisory
x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
https://usn.ubuntu.com/27-1/
vendor-advisory
x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/1914
vdb-entry
x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
vendor-advisory
x_refsource_GENTOO
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
vendor-advisory
x_refsource_MANDRAKE
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=109530851323415&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.debian.org/security/2004/dsa-560
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
vdb-entry
signature
x_refsource_OVAL
http://scary.beasts.org/security/CESA-2004-003.txt
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
vendor-advisory
x_refsource_CONECTIVA
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
vendor-advisory
x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/11196
vdb-entry
x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
x_refsource_CONFIRM
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/20235
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://usn.ubuntu.com/27-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.debian.org/security/2004/dsa-560
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/11196
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/20235
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Resource:
vendor-advisory
x_refsource_SUNALERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/537878
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://usn.ubuntu.com/27-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.vupen.com/english/advisories/2006/1914
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=109530851323415&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.debian.org/security/2004/dsa-560
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://scary.beasts.org/security/CESA-2004-003.txt
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/11196
vdb-entry
x_refsource_BID
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/20235
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/434715/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://usn.ubuntu.com/27-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-560
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11196
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/20235
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Oct, 2004 | 04:00
Updated At:03 Apr, 2025 | 01:03

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
X.Org Foundation
x.org
>>x11r6>>6.7.0
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.6
cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0
cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.1
cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.2.11
cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.3
cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.0
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.11
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.12
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.0
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.3.0
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.4
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.5
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924cve@mitre.org
N/A
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patchcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=109530851323415&w=2cve@mitre.org
N/A
http://scary.beasts.org/security/CESA-2004-003.txtcve@mitre.org
N/A
http://secunia.com/advisories/20235cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-560cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlcve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/537878cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlcve@mitre.org
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-537.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/11196cve@mitre.org
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2006/1914cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796cve@mitre.org
N/A
https://usn.ubuntu.com/27-1/cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924af854a3a-2127-422b-91ae-364da2661108
N/A
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patchaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=109530851323415&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://scary.beasts.org/security/CESA-2004-003.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/20235af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-560af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/537878af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-537.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434715/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11196af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/1914af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/27-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/20235
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-560
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11196
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/27-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109530851323415&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://scary.beasts.org/security/CESA-2004-003.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/20235
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-560
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/537878
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-537.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434715/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1914
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/27-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

168Records found
CVE-2004-2338
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2004-2163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 77.64%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2004-1098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Action-Not Available
Vendor-roaring_penguinn/aSUSEMandriva (Mandrakesoft)
Product-mimedefangsuse_linuxmandrake_linux_corporate_servermandrake_linuxn/a
CVE-2004-0817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.60% / 87.30%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aUbuntuImageMagick Studio LLCSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-imlibubuntu_linuxturbolinux_desktopjava_desktop_systemturbolinux_workstationimagemagicklinuxlinux_advanced_workstationmandrake_linux_corporate_serverturbolinux_serverenterprise_linux_desktopsuse_linuxfedora_coreenterprise_linuximlib2mandrake_linuxn/a
CVE-2004-0936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 93.87%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusarchive_zipn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.88% / 94.88%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Action-Not Available
Vendor-trustixpdflibwxgtk2n/aKDELibTIFFSUSERed Hat, Inc.Apple Inc.Mandriva (Mandrakesoft)
Product-secure_linuxlibtiffwxgtk2pdf_librarykdemac_os_x_serverenterprise_linux_desktopsuse_linuxfedora_coremac_os_xenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2004-0933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.03% / 96.49%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusarchive_zipn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.32%
||
7 Day CHG~0.00%
Published-14 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Action-Not Available
Vendor-n/aKDEGentoo Foundation, Inc.SUSEMandriva (Mandrakesoft)
Product-kdekonquerorsuse_linuxlinuxmandrake_linuxn/a
CVE-2004-0827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.69% / 87.46%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aUbuntuImageMagick Studio LLCSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-imlibmandrake_linux_corporate_serverubuntu_linuxturbolinuxjava_desktop_systementerprise_linux_desktopsuse_linuximagemagickfedora_corelinuxenterprise_linuximlib2linux_advanced_workstationmandrake_linuxn/a
CVE-2004-1096
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.25% / 95.30%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-0866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.54% / 87.21%
||
7 Day CHG~0.00%
Published-13 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Action-Not Available
Vendor-n/aKDEMozilla CorporationSUSEMicrosoft Corporation
Product-firefoxiesuse_linuxkonquerorinternet_explorern/a
CVE-2004-1175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-1176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 83.78%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

Action-Not Available
Vendor-n/aKDEMozilla CorporationSUSEMicrosoft Corporation
Product-firefoxiesuse_linuxkonquerorinternet_explorern/a
CVE-2004-1004
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0687
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.95% / 95.25%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Action-Not Available
Vendor-xfree86_projectn/aX.Org FoundationOpenBSDSUSE
Product-suse_linuxx11r6openbsdn/a
CVE-2004-0935
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.20% / 93.87%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusarchive_zipn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2004-1005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.26%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.SUSEMidnight CommanderGentoo Foundation, Inc.Debian GNU/Linux
Product-midnight_commanderturbolinux_serversuse_linuxdebian_linuxturbolinux_workstationlinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2004-0991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.03% / 89.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.

Action-Not Available
Vendor-mpg123n/aSUSE
Product-suse_linuxmpg123n/a
CVE-2004-0932
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-43.59% / 97.43%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusarchive_zipn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-2003-0386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.24% / 94.13%
||
7 Day CHG~0.00%
Published-10 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2003-0682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2003-0730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.66% / 90.02%
||
7 Day CHG~0.00%
Published-03 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.

Action-Not Available
Vendor-xfree86_projectn/aNetBSD
Product-netbsdx11r6n/a
CVE-2003-0028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-56.05% / 98.01%
||
7 Day CHG~0.00%
Published-21 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Action-Not Available
Vendor-openafscrayn/aMIT (Massachusetts Institute of Technology)IBM CorporationSilicon Graphics, Inc.OpenBSDFreeBSD FoundationGNUSun Microsystems (Oracle Corporation)HP Inc.
Product-glibchp-uxopenbsdaixhp-ux_series_700solarisirixunicoshp-ux_series_800sunosopenafsfreebsdkerberos_5n/a
CVE-2003-0063
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-1.31% / 78.97%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Action-Not Available
Vendor-xfree86_projectn/axfree86
Product-x11r6n/axfree86
CVE-2002-1317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-42.48% / 97.36%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Action-Not Available
Vendor-xfree86_projectn/aSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)HP Inc.
Product-hp-uxsolarisirixsunosx11r6n/a
CVE-2002-1219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.08% / 91.15%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Action-Not Available
Vendor-n/aOpenBSDFreeBSD FoundationInternet Systems Consortium, Inc.
Product-bindopenbsdfreebsdn/a
CVE-2002-0557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2002-0765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.54%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshopenbsdn/a
CVE-2005-0373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.76% / 89.03%
||
7 Day CHG~0.00%
Published-13 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-conectivacyrusopenpkgn/aRed Hat, Inc.Apple Inc.SUSE
Product-saslmac_os_x_serveropenpkgsuse_linuxsuse_cvsuplinuxfedora_coremac_os_xn/a
CVE-2002-0575
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2010-1866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.48% / 80.22%
||
7 Day CHG~0.00%
Published-07 May, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

Action-Not Available
Vendor-n/aThe PHP GroupopenSUSESUSE
Product-phpopensuselinux_enterprisen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2002-0768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.53%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Action-Not Available
Vendor-luke_mewburnn/aSUSE
Product-suse_linuxlukemftpn/a
CVE-2002-0758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2001-1507
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2001-0763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.35% / 95.99%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSUSE
Product-suse_linuxdebian_linuxn/a
CVE-2016-1908
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.36% / 88.51%
||
7 Day CHG~0.00%
Published-11 Apr, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationOpenBSD
Product-enterprise_linux_desktoplinuxenterprise_linux_server_tusenterprise_linux_eusopensshenterprise_linux_workstationdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-287
Improper Authentication
CVE-2001-0816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2001-0869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 84.39%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aSUSEThe MITRE Corporation (Caldera)Red Hat, Inc.
Product-openlinux_eserverlinux_powertoolssuse_linuxlinuxopenlinux_workstationn/a
CVE-2001-1130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.40% / 88.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2001-1380
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.58% / 88.80%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2001-0670
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.16% / 94.54%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Action-Not Available
Vendor-bsdn/aOpenBSDNetBSDFreeBSD Foundation
Product-bsdnetbsdopenbsdfreebsdn/a
CVE-2001-0572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.04% / 94.30%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Action-Not Available
Vendor-sshn/aOpenBSD
Product-sshopensshn/a
CVE-2001-0458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 81.62%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-ralf_s._engelschalln/aDebian GNU/LinuxSUSEMandriva (Mandrakesoft)
Product-eperlsuse_linuxdebian_linuxmandrake_linuxn/a
CVE-2000-0355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.52%
||
7 Day CHG~0.00%
Published-24 May, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.

Action-Not Available
Vendor-bent_baggern/aSUSERed Hat, Inc.
Product-linuxsuse_linuxpbpgn/a
CVE-2000-0750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 81.47%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Action-Not Available
Vendor-n/aOpenBSDNetBSDRed Hat, Inc.
Product-linuxnetbsdopenbsdn/a
CVE-2004-0934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.95% / 97.22%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Action-Not Available
Vendor-eset_softwarerav_antivirusarchive_zipn/aBroadcom Inc.Kaspersky LabCA Technologies (Broadcom Inc.)Gentoo Foundation, Inc.SUSESophos Ltd.McAfee, LLCMandriva (Mandrakesoft)
Product-etrust_secure_content_manageretrust_ez_armornod32_antivirussophos_puremessage_anti-virusrav_antivirus_for_file_serversetrust_ez_antivirusarchive_zipbrightstor_arcserve_backupetrust_intrusion_detectionetrust_antiviruslinuxkaspersky_anti-virussophos_anti-virusrav_antivirus_desktopinoculateitsophos_small_business_suiteetrust_antivirus_gatewayrav_antivirus_for_mail_serverssuse_linuxantivirus_enginemandrake_linuxn/a
CVE-1999-0768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.91% / 89.20%
||
7 Day CHG~0.00%
Published-18 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.
Product-linuxsuse_linuxn/a
CVE-1999-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.65%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Action-Not Available
Vendor-n/aThe MITRE Corporation (Caldera)SUSENetBSDRed Hat, Inc.Debian GNU/Linux
Product-netbsdsuse_linuxdebian_linuxlinuxopenlinuxn/a
CVE-2012-1577
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.95%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 18:45
Updated-06 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

Action-Not Available
Vendor-dietlibc_projectdietlibcDebian GNU/LinuxOpenBSD
Product-openbsddebian_linuxdietlibcdietlibc
CWE ID-CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found