Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0746

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Sep, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:31
Rejected At-
Credits

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Sep, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:31
Rejected At:
▼CVE Numbering Authority (CNA)

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/12341
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
vdb-entry
x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
vendor-advisory
x_refsource_CONECTIVA
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
vendor-advisory
x_refsource_MANDRAKE
http://www.securityfocus.com/bid/10991
vdb-entry
x_refsource_BID
http://www.kde.org/info/security/advisory-20040823-1.txt
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=bugtraq&m=109327681304401&w=2
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/12341
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.securityfocus.com/bid/10991
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.kde.org/info/security/advisory-20040823-1.txt
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=bugtraq&m=109327681304401&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/12341
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
vdb-entry
x_refsource_XF
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.securityfocus.com/bid/10991
vdb-entry
x_refsource_BID
x_transferred
http://www.kde.org/info/security/advisory-20040823-1.txt
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=bugtraq&m=109327681304401&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/12341
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/10991
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.kde.org/info/security/advisory-20040823-1.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=109327681304401&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Oct, 2004 | 04:00
Updated At:16 Apr, 2026 | 00:27

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
KDE
kde
>>konqueror>>3.0
cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.0.1
cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.0.2
cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.0.3
cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.0.5
cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.0.5b
cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.1
cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.1.1
cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.1.2
cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.1.3
cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.1.5
cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.2.1
cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*
KDE
kde
>>konqueror>>3.2.3
cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>1.4
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
KDE
kde
>>kde>>3.1.3
cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*
KDE
kde
>>kde>>3.2
cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=109327681304401&w=2cve@mitre.org
N/A
http://secunia.com/advisories/12341cve@mitre.org
N/A
http://www.kde.org/info/security/advisory-20040823-1.txtcve@mitre.org
N/A
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086cve@mitre.org
N/A
http://www.securityfocus.com/bid/10991cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=109327681304401&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/12341af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kde.org/info/security/advisory-20040823-1.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/10991af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17063af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109327681304401&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/12341
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kde.org/info/security/advisory-20040823-1.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10991
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=109327681304401&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/12341
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kde.org/info/security/advisory-20040823-1.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10991
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

144Records found
CVE-2003-0692
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.11%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2003-0592
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 74.61%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Action-Not Available
Vendor-n/aKDE
Product-konqueror_embeddedkonquerorn/a
CVE-2003-0681
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.44% / 93.95%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

Action-Not Available
Vendor-sendmailturbolinuxn/aOpenBSDApple Inc.HP Inc.IBM CorporationGentoo Foundation, Inc.NetBSD
Product-sendmail_switchmac_os_xlinuxturbolinux_advanced_serversendmailsendmail_proturbolinux_workstationadvanced_message_serverhp-uxaixturbolinux_servernetbsdmac_os_x_serveropenbsdn/a
CVE-2004-1176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 84.55%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2003-0370
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 76.37%
||
7 Day CHG~0.00%
Published-05 Jun, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Action-Not Available
Vendor-turbolinuxn/aApple Inc.Red Hat, Inc.KDE
Product-kdelinuxturbolinux_workstationkonqueror_embeddedsafariturbolinux_servern/a
CVE-2003-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-29.87% / 96.67%
||
7 Day CHG~0.00%
Published-18 Jun, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Action-Not Available
Vendor-xpdfn/aAdobe Inc.Red Hat, Inc.Mandriva (Mandrakesoft)
Product-xpdflinuxlinux_advanced_workstationacrobatmandrake_linuxenterprise_linuxmandrake_linux_corporate_servern/a
CVE-2004-0224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.69% / 88.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

Action-Not Available
Vendor-inter7double_precision_incorporatedn/aGentoo Foundation, Inc.
Product-courier-imaplinuxsqwebmailcourier_mtan/a
CVE-2003-0988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.69% / 91.95%
||
7 Day CHG+0.36%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2004-0687
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.10% / 95.82%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Action-Not Available
Vendor-xfree86_projectn/aOpenBSDX.Org FoundationSUSE
Product-x11r6suse_linuxopenbsdn/a
CVE-2004-0803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.88% / 95.17%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Action-Not Available
Vendor-pdflibwxgtk2trustixn/aApple Inc.LibTIFFMandriva (Mandrakesoft)Red Hat, Inc.KDESUSE
Product-mac_os_xwxgtk2kdelinux_advanced_workstationmandrake_linuxsuse_linuxfedora_coreenterprise_linux_desktoppdf_librarysecure_linuxlibtiffenterprise_linuxmac_os_x_servern/a
CVE-2004-0721
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 73.89%
||
7 Day CHG~0.00%
Published-23 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Action-Not Available
Vendor-n/aKDE
Product-konquerorn/a
CVE-2004-0827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.69% / 88.00%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aMandriva (Mandrakesoft)UbuntuSun Microsystems (Oracle Corporation)Red Hat, Inc.ImageMagick Studio LLCSUSE
Product-imagemagicklinuxlinux_advanced_workstationubuntu_linuximlib2mandrake_linuxsuse_linuxturbolinuxfedora_coreenterprise_linux_desktopimlibjava_desktop_systementerprise_linuxmandrake_linux_corporate_servern/a
CVE-2004-0817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.60% / 87.83%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aMandriva (Mandrakesoft)UbuntuSun Microsystems (Oracle Corporation)Red Hat, Inc.ImageMagick Studio LLCSUSE
Product-imagemagicklinuximlib2turbolinux_workstationfedora_coreimlibjava_desktop_systementerprise_linuxlinux_advanced_workstationubuntu_linuxmandrake_linuxsuse_linuxenterprise_linux_desktopturbolinux_desktopturbolinux_servermandrake_linux_corporate_servern/a
CVE-2004-1098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.57%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Action-Not Available
Vendor-roaring_penguinn/aMandriva (Mandrakesoft)SUSE
Product-mandrake_linuxmimedefangsuse_linuxmandrake_linux_corporate_servern/a
CVE-2004-0432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 79.32%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

Action-Not Available
Vendor-proftpd_projecttrustixn/aGentoo Foundation, Inc.
Product-secure_linuxlinuxproftpdn/a
CVE-2004-0419
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 86.19%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Action-Not Available
Vendor-xfree86_projectn/aGentoo Foundation, Inc.X.Org Foundation
Product-x11r6linuxxdmn/a
CVE-2004-0500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 87.22%
||
7 Day CHG~0.00%
Published-02 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

Action-Not Available
Vendor-rob_flynnn/aMandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-mandrake_linuxlinuxgaimn/a
CVE-2004-0688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.03% / 94.81%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Action-Not Available
Vendor-xfree86_projectn/aOpenBSDX.Org FoundationSUSE
Product-x11r6suse_linuxopenbsdn/a
CVE-2005-0754
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.28% / 84.78%
||
7 Day CHG~0.00%
Published-24 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-conectivan/aGentoo Foundation, Inc.UbuntuRed Hat, Inc.KDE
Product-kdelinuxubuntu_linuxfedora_corequantan/a
CVE-2002-1223
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 74.21%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2003-0204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.50% / 81.27%
||
7 Day CHG~0.00%
Published-15 Apr, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2002-1282
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.12% / 92.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2002-1393
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 85.26%
||
7 Day CHG~0.00%
Published-08 Jan, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2002-1281
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.33% / 91.04%
||
7 Day CHG~0.00%
Published-14 Nov, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2002-0970
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 85.14%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Action-Not Available
Vendor-n/aKDE
Product-konquerorkden/a
CVE-2002-1152
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 80.74%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Action-Not Available
Vendor-n/aKDE
Product-kden/a
CVE-2015-3209
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-20.57% / 95.61%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.QEMUSUSERed Hat, Inc.Debian GNU/LinuxFedora ProjectArista Networks, Inc.
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopjunos_spaceenterprise_linux_server_tuseosenterprise_linux_desktoplinux_enterprise_debuginfolinux_enterprise_serverenterprise_linux_server_ausfedoraopenstacklinux_enterprise_software_development_kitenterprise_linux_serverenterprise_linux_workstationqemuenterprise_linux_eusvirtualizationenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2002-1151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.23% / 87.14%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Action-Not Available
Vendor-n/aKDE
Product-konquerorkden/a
CVE-2015-0778
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.90% / 75.72%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectSUSE
Product-fedoraopensuse_oscopensusen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2002-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.53%
||
7 Day CHG+0.63%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Action-Not Available
Vendor-n/aHP Inc.Red Hat, Inc.Mandriva (Mandrakesoft)
Product-secure_osmandrake_linuxlinuxn/a
CVE-2005-2971
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.52% / 91.18%
||
7 Day CHG~0.00%
Published-20 Oct, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.

Action-Not Available
Vendor-n/aKDE
Product-kofficen/a
CVE-2015-0192
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 85.43%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 21:16
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_eusjavaenterprise_linux_server_auslinux_enterprise_software_development_kitn/a
CVE-2014-9846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.67% / 89.38%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLC
Product-suse_linux_enterprise_workstation_extensionsuse_linux_enterprise_serverleapsuse_linux_enterprise_software_development_kitstudio_onsitesuse_linux_enterprise_desktopimagemagickubuntu_linuxsuse_linux_enterprise_debuginfoopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9761
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.58% / 87.80%
||
7 Day CHG~0.00%
Published-19 Apr, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUSUSEFedora Project
Product-ubuntu_linuxlinux_enterprise_desktopsuse_linux_enterprise_serverglibclinux_enterprise_debuginfolinux_enterprise_serverfedoralinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.96%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLCSUSE
Product-linux_enterprise_desktoplinux_enterprise_serverleaplinux_enterprise_software_development_kitlinux_enterprise_workstation_extensionimagemagickopensusen/a
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2002-0768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 81.38%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Action-Not Available
Vendor-luke_mewburnn/aSUSE
Product-lukemftpsuse_linuxn/a
CVE-2002-0002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.62% / 94.73%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Action-Not Available
Vendor-stunnelengardelinuxn/aMandriva (Mandrakesoft)Red Hat, Inc.
Product-mandrake_linuxsecure_linuxlinuxstunneln/a
CVE-2014-8162
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 69.74%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitemanagern/a
CVE-2001-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.83% / 90.59%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

Action-Not Available
Vendor-n/aThe Apache Software FoundationMandriva (Mandrakesoft)
Product-mandrake_linuxmandrake_single_network_firewallhttp_servermandrake_linux_corporate_servern/a
CVE-2004-1175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2004-1165
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.09% / 94.39%
||
7 Day CHG~0.00%
Published-10 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Action-Not Available
Vendor-n/aKDE
Product-konquerorkdelibsn/a
CVE-2001-1030
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.70%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Action-Not Available
Vendor-squidimmunixtrustixn/aRed Hat, Inc.The MITRE Corporation (Caldera)Mandriva (Mandrakesoft)
Product-openlinux_serverlinuxmandrake_linuxmandrake_single_network_firewallsecure_linuxsquid_web_proxyimmunixmandrake_linux_corporate_servern/a
CVE-2003-0256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 76.89%
||
7 Day CHG~0.00%
Published-09 May, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aKDE
Product-kopeten/a
CVE-2001-0869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 85.10%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aRed Hat, Inc.The MITRE Corporation (Caldera)SUSE
Product-linuxsuse_linuxopenlinux_workstationopenlinux_eserverlinux_powertoolsn/a
CVE-2001-0458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.13% / 84.28%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-ralf_s._engelschalln/aDebian GNU/LinuxMandriva (Mandrakesoft)SUSE
Product-debian_linuxeperlsuse_linuxmandrake_linuxn/a
CVE-2001-0473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 77.20%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Action-Not Available
Vendor-conectivamuttimmunixn/aMandriva (Mandrakesoft)Red Hat, Inc.
Product-mandrake_linuximmunixlinuxmuttn/a
CVE-2001-1130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.40% / 89.07%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2001-0763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.35% / 96.24%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSUSE
Product-debian_linuxsuse_linuxn/a
CVE-2001-0441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.78% / 82.85%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxlinuxmandrake_linux_corporate_servern/a
CVE-2014-1510
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-71.09% / 98.73%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found