Vulnerabilities (CVE)

Vendor: Conectiva

64 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-1029 5 Gentoo, Hp, Conectiva and 2 more 8 Enterprise Firewall, Hp-ux, Jdk and 5 more 2017-10-11 9.3
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to...
CVE-2004-0930 5 Gentoo, Sgi, Conectiva and 2 more 8 Linux Advanced Workstation, Linux, Enterprise Linux Desktop and 5 more 2017-10-11 5.0
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
CVE-2004-0905 5 Suse, Netscape, Mozilla and 2 more 10 Mozilla, Navigator, Linux Advanced Workstation and 7 more 2017-10-11 4.6
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to...
CVE-2004-0904 4 Conectiva, Netscape, Mozilla and 1 more 10 Mozilla, Navigator, Linux Advanced Workstation and 7 more 2017-10-11 10.0
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2004-0903 4 Suse, Mozilla, Conectiva and 1 more 9 Mozilla, Linux Advanced Workstation, Enterprise Linux Desktop and 6 more 2017-10-11 10.0
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard...
CVE-2004-0884 2 Conectiva, Cyrus 2 Sasl, Linux 2017-10-11 7.2
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to...
CVE-2004-0827 9 Turbolinux, Enlightenment, Imagemagick and 6 more 14 Imlib2, Linux Advanced Workstation, Java Desktop System and 11 more 2017-10-11 7.5
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or...
CVE-2004-0817 9 Turbolinux, Enlightenment, Imagemagick and 6 more 16 Imlib2, Linux Advanced Workstation, Java Desktop System and 13 more 2017-10-11 7.5
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0809 8 Turbolinux, Conectiva, Redhat and 5 more 12 Hp-ux, Linux, Turbolinux Home and 9 more 2017-10-11 5.0
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVE-2004-0807 5 Conectiva, Suse, Mandrakesoft and 2 more 5 Suse Linux, Mandrake Linux, Samba and 2 more 2017-10-11 5.0
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
CVE-2004-0557 4 Gentoo, Conectiva, Sox and 1 more 6 Sox, Linux, Enterprise Linux Desktop and 3 more 2017-10-11 10.0
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
CVE-2004-0554 6 Linux, Conectiva, Redhat and 3 more 18 Suse Email Server, Linux Kernel, Suse Office Server and 15 more 2017-10-11 2.1
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated...
CVE-2004-0535 6 Linux, Conectiva, Suse and 3 more 17 Mandrake Multi Network Firewall, Linux Kernel, Suse Office Server and 14 more 2017-10-11 2.1
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by...
CVE-2004-0497 7 Linux, Conectiva, Redhat and 4 more 9 Mandrake Multi Network Firewall, Linux Kernel, Linux and 6 more 2017-10-11 2.1
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2004-0495 6 Linux, Conectiva, Redhat and 3 more 18 Suse Email Server, Linux Kernel, Suse Office Server and 15 more 2017-10-11 7.2
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
CVE-2003-0540 2 Conectiva, Wietse Venema 2 Postfix, Linux 2017-10-11 5.0
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or...
CVE-2003-0468 2 Conectiva, Wietse Venema 2 Postfix, Linux 2017-10-11 5.0
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which...
CVE-2001-1374 3 Conectiva, Don Libes, Redhat 3 Linux, Expect, Linux 2017-10-10 7.2
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
CVE-2001-0834 4 Suse, Conectiva, Debian and 1 more 4 Debian Linux, Suse Linux, Htdig and 1 more 2017-10-10 6.4
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file...
CVE-2001-0690 4 Conectiva, Debian, University Of Cambridge and 1 more 4 Debian Linux, Linux, Exim and 1 more 2017-10-10 7.5
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.