Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-1098

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Dec, 2004 | 05:00
Updated At-08 Aug, 2024 | 00:39
Rejected At-
Credits

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Dec, 2004 | 05:00
Updated At:08 Aug, 2024 | 00:39
Rejected At:
▼CVE Numbering Authority (CNA)

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
vendor-advisory
x_refsource_MANDRAKE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/11563
vdb-entry
x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/11563
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
vendor-advisory
x_refsource_MANDRAKE
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/11563
vdb-entry
x_refsource_BID
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11563
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Jan, 2005 | 05:00
Updated At:16 Apr, 2026 | 00:27

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
roaring_penguin
roaring_penguin
>>mimedefang>>2.4
cpe:2.3:a:roaring_penguin:mimedefang:2.4:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.14
cpe:2.3:a:roaring_penguin:mimedefang:2.14:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.20
cpe:2.3:a:roaring_penguin:mimedefang:2.20:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.21
cpe:2.3:a:roaring_penguin:mimedefang:2.21:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.38
cpe:2.3:a:roaring_penguin:mimedefang:2.38:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.39
cpe:2.3:a:roaring_penguin:mimedefang:2.39:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.41
cpe:2.3:a:roaring_penguin:mimedefang:2.41:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.42
cpe:2.3:a:roaring_penguin:mimedefang:2.42:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.43
cpe:2.3:a:roaring_penguin:mimedefang:2.43:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.44
cpe:2.3:a:roaring_penguin:mimedefang:2.44:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>2.45
cpe:2.3:a:roaring_penguin:mimedefang:2.45:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>4.46
cpe:2.3:a:roaring_penguin:mimedefang:4.46:*:*:*:*:*:*:*
roaring_penguin
roaring_penguin
>>mimedefang>>4.47
cpe:2.3:a:roaring_penguin:mimedefang:4.47:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>9.2
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.1
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux>>10.1
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux_corporate_server>>2.1
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
Mandriva (Mandrakesoft)
mandrakesoft
>>mandrake_linux_corporate_server>>2.1
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.0
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.htmlcve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200411-06.xmlcve@mitre.org
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:123cve@mitre.org
N/A
http://www.securityfocus.com/bid/11563cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17940cve@mitre.org
N/A
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200411-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:123af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11563af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17940af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11563
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11563
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

112Records found
CVE-2004-1176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.21% / 84.55%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2003-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-29.87% / 96.67%
||
7 Day CHG~0.00%
Published-18 Jun, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Action-Not Available
Vendor-xpdfn/aAdobe Inc.Red Hat, Inc.Mandriva (Mandrakesoft)
Product-xpdflinuxlinux_advanced_workstationacrobatmandrake_linuxenterprise_linuxmandrake_linux_corporate_servern/a
CVE-2004-0687
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.10% / 95.82%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Action-Not Available
Vendor-xfree86_projectn/aOpenBSDX.Org FoundationSUSE
Product-x11r6suse_linuxopenbsdn/a
CVE-2004-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 81.19%
||
7 Day CHG~0.00%
Published-14 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)Gentoo Foundation, Inc.KDESUSE
Product-kdelinuxmandrake_linuxsuse_linuxkonquerorn/a
CVE-2004-0803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.88% / 95.17%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Action-Not Available
Vendor-pdflibwxgtk2trustixn/aApple Inc.LibTIFFMandriva (Mandrakesoft)Red Hat, Inc.KDESUSE
Product-mac_os_xwxgtk2kdelinux_advanced_workstationmandrake_linuxsuse_linuxfedora_coreenterprise_linux_desktoppdf_librarysecure_linuxlibtiffenterprise_linuxmac_os_x_servern/a
CVE-2004-0827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.69% / 88.00%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aMandriva (Mandrakesoft)UbuntuSun Microsystems (Oracle Corporation)Red Hat, Inc.ImageMagick Studio LLCSUSE
Product-imagemagicklinuxlinux_advanced_workstationubuntu_linuximlib2mandrake_linuxsuse_linuxturbolinuxfedora_coreenterprise_linux_desktopimlibjava_desktop_systementerprise_linuxmandrake_linux_corporate_servern/a
CVE-2004-0817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.60% / 87.83%
||
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Action-Not Available
Vendor-conectivaenlightenmentturbolinuxn/aMandriva (Mandrakesoft)UbuntuSun Microsystems (Oracle Corporation)Red Hat, Inc.ImageMagick Studio LLCSUSE
Product-imagemagicklinuximlib2turbolinux_workstationfedora_coreimlibjava_desktop_systementerprise_linuxlinux_advanced_workstationubuntu_linuxmandrake_linuxsuse_linuxenterprise_linux_desktopturbolinux_desktopturbolinux_servermandrake_linux_corporate_servern/a
CVE-2004-0500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 87.22%
||
7 Day CHG~0.00%
Published-02 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

Action-Not Available
Vendor-rob_flynnn/aMandriva (Mandrakesoft)Gentoo Foundation, Inc.
Product-mandrake_linuxlinuxgaimn/a
CVE-2004-0688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.03% / 94.81%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Action-Not Available
Vendor-xfree86_projectn/aOpenBSDX.Org FoundationSUSE
Product-x11r6suse_linuxopenbsdn/a
CVE-2015-3209
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-20.57% / 95.61%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.QEMUSUSERed Hat, Inc.Debian GNU/LinuxFedora ProjectArista Networks, Inc.
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopjunos_spaceenterprise_linux_server_tuseosenterprise_linux_desktoplinux_enterprise_debuginfolinux_enterprise_serverenterprise_linux_server_ausfedoraopenstacklinux_enterprise_software_development_kitenterprise_linux_serverenterprise_linux_workstationqemuenterprise_linux_eusvirtualizationenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2002-1121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 76.33%
||
7 Day CHG~0.00%
Published-14 Sep, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.

Action-Not Available
Vendor-network_associatesroaring_penguingfin/aTrend Micro Incorporated
Product-webshield_smtpmimedefangcanitmailsecurityinterscan_viruswalln/a
CVE-2015-0778
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.90% / 75.72%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectSUSE
Product-fedoraopensuse_oscopensusen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2002-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.53%
||
7 Day CHG+0.63%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Action-Not Available
Vendor-n/aHP Inc.Red Hat, Inc.Mandriva (Mandrakesoft)
Product-secure_osmandrake_linuxlinuxn/a
CVE-2015-0192
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 85.43%
||
7 Day CHG~0.00%
Published-02 Jul, 2015 | 21:16
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_eusjavaenterprise_linux_server_auslinux_enterprise_software_development_kitn/a
CVE-2014-9846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.67% / 89.38%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSEopenSUSEImageMagick Studio LLC
Product-suse_linux_enterprise_workstation_extensionsuse_linux_enterprise_serverleapsuse_linux_enterprise_software_development_kitstudio_onsitesuse_linux_enterprise_desktopimagemagickubuntu_linuxsuse_linux_enterprise_debuginfoopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9761
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.58% / 87.80%
||
7 Day CHG~0.00%
Published-19 Apr, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGNUSUSEFedora Project
Product-ubuntu_linuxlinux_enterprise_desktopsuse_linux_enterprise_serverglibclinux_enterprise_debuginfolinux_enterprise_serverfedoralinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.96%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLCSUSE
Product-linux_enterprise_desktoplinux_enterprise_serverleaplinux_enterprise_software_development_kitlinux_enterprise_workstation_extensionimagemagickopensusen/a
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CVE-2002-0768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 81.38%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Action-Not Available
Vendor-luke_mewburnn/aSUSE
Product-lukemftpsuse_linuxn/a
CVE-2002-0002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.62% / 94.73%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Action-Not Available
Vendor-stunnelengardelinuxn/aMandriva (Mandrakesoft)Red Hat, Inc.
Product-mandrake_linuxsecure_linuxlinuxstunneln/a
CVE-2014-8162
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 69.74%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitemanagern/a
CVE-2001-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.83% / 90.59%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

Action-Not Available
Vendor-n/aThe Apache Software FoundationMandriva (Mandrakesoft)
Product-mandrake_linuxmandrake_single_network_firewallhttp_servermandrake_linux_corporate_servern/a
CVE-2004-1175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2001-1030
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.70%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Action-Not Available
Vendor-squidimmunixtrustixn/aRed Hat, Inc.The MITRE Corporation (Caldera)Mandriva (Mandrakesoft)
Product-openlinux_serverlinuxmandrake_linuxmandrake_single_network_firewallsecure_linuxsquid_web_proxyimmunixmandrake_linux_corporate_servern/a
CVE-2001-0869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.38% / 85.10%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aRed Hat, Inc.The MITRE Corporation (Caldera)SUSE
Product-linuxsuse_linuxopenlinux_workstationopenlinux_eserverlinux_powertoolsn/a
CVE-2001-0458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.13% / 84.28%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-ralf_s._engelschalln/aDebian GNU/LinuxMandriva (Mandrakesoft)SUSE
Product-debian_linuxeperlsuse_linuxmandrake_linuxn/a
CVE-2001-0473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 77.20%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Action-Not Available
Vendor-conectivamuttimmunixn/aMandriva (Mandrakesoft)Red Hat, Inc.
Product-mandrake_linuximmunixlinuxmuttn/a
CVE-2001-1130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.40% / 89.07%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2001-0763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.35% / 96.24%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSUSE
Product-debian_linuxsuse_linuxn/a
CVE-2001-0441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.78% / 82.85%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxlinuxmandrake_linux_corporate_servern/a
CVE-2014-1510
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-71.09% / 98.73%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1514
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.17% / 88.74%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2001-0439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 80.13%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Action-Not Available
Vendor-conectivalicqn/aFreeBSD FoundationRed Hat, Inc.Mandriva (Mandrakesoft)
Product-linuxmandrake_linuxfreebsdlicqmandrake_linux_corporate_servern/a
CVE-2014-1511
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.49% / 98.71%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1524
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.41% / 91.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirddebian_linuxfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusfedoraenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-1485
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 76.65%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxubuntu_linuxseamonkeylinux_enterprise_desktopsolarislinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2000-0355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.61%
||
7 Day CHG~0.00%
Published-24 May, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.

Action-Not Available
Vendor-bent_baggern/aRed Hat, Inc.SUSE
Product-linuxsuse_linuxpbpgn/a
CVE-2013-5616
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.87% / 86.36%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2013-4365
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.66% / 91.28%
||
7 Day CHG~0.00%
Published-17 Oct, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSESUSEThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxcloudmod_fcgidopensuselinux_enterprise_software_development_kithttp_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-4480
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.19%
||
7 Day CHG~0.00%
Published-15 Nov, 2013 | 18:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitesatellitemanagerlinux_enterprisesatellite_with_embedded_oraclen/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2013-4547
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-90.92% / 99.64%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

Action-Not Available
Vendor-n/aopenSUSEF5, Inc.SUSE
Product-studio_onsitelifecycle_management_servernginxwebyastopensusen/a
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-1999-0768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.26% / 90.99%
||
7 Day CHG~0.00%
Published-18 Jan, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-linuxsuse_linuxn/a
CVE-1999-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.54%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetBSDRed Hat, Inc.The MITRE Corporation (Caldera)SUSE
Product-debian_linuxlinuxopenlinuxsuse_linuxnetbsdn/a
CVE-2012-5836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.38% / 80.40%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxlinux_enterprise_desktopseamonkeylinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-7966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

Action-Not Available
Vendor-n/aKDESUSEDebian GNU/LinuxFedora Project
Product-kmaildebian_linuxlinux_enterprisefedoran/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.03%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Action-Not Available
Vendor-n/aSUSE
Product-kiwistudio_onsitestudio_extension_for_system_zn/a
CVE-2017-14491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-57.79% / 98.19%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2004-1005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 78.27%
||
7 Day CHG~0.00%
Published-22 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Action-Not Available
Vendor-turbolinuxn/aDebian GNU/LinuxMidnight CommanderGentoo Foundation, Inc.Red Hat, Inc.SUSE
Product-debian_linuxlinuxlinux_advanced_workstationturbolinux_workstationsuse_linuxmidnight_commanderturbolinux_serverenterprise_linuxn/a
CVE-2002-0758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 78.07%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2001-0440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.14% / 94.63%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Action-Not Available
Vendor-conectivalicqn/aMandriva (Mandrakesoft)
Product-mandrake_linuxlinuxlicqn/a
CVE-2012-1823
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-94.36% / 99.97%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 10:00
Updated-21 Apr, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Action-Not Available
Vendor-n/aApple Inc.openSUSESUSERed Hat, Inc.HP Inc.The PHP GroupDebian GNU/LinuxFedora Project
Product-debian_linuxmac_os_xenterprise_linux_desktopstoragelinux_enterprise_serverenterprise_linux_server_ausapplication_stackfedoralinux_enterprise_software_development_kitstorage_for_public_cloudhp-uxphpenterprise_linux_serverenterprise_linux_workstationenterprise_linux_eusgluster_storage_server_for_on-premiseopensusen/aPHP
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found