| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2003-1232 |
|
|
Exec Code |
2003-12-31 |
2010-04-02 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. |
|
2 |
CVE-2003-0972 |
|
|
Exec Code Overflow |
2003-12-15 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. |
|
3 |
CVE-2003-0971 |
|
|
|
2003-12-15 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
|
4 |
CVE-2003-0859 |
|
|
DoS |
2003-12-15 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
|
5 |
CVE-2003-0858 |
399 |
|
DoS |
2003-12-15 |
2011-03-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
|
6 |
CVE-2003-0854 |
|
1
|
|
2003-11-17 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. |
|
7 |
CVE-2003-0853 |
|
|
DoS Exec Code Overflow |
2003-11-17 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. |
|
8 |
CVE-2003-0849 |
|
|
Exec Code Overflow |
2003-11-17 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. |
|
9 |
CVE-2003-0826 |
|
|
Exec Code Overflow |
2003-10-06 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. |
|
10 |
CVE-2003-0795 |
20 |
|
DoS |
2003-12-15 |
2011-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. |
|
11 |
CVE-2003-0255 |
|
|
|
2003-05-27 |
2008-09-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. |
|
12 |
CVE-2003-0107 |
|
|
DoS Exec Code Overflow |
2003-03-07 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. |
|
13 |
CVE-2003-0038 |
|
|
XSS |
2003-02-07 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. |
|
14 |
CVE-2003-0028 |
|
|
Exec Code Overflow |
2003-03-25 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
