CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3901 CVE-2004-0602 +Priv 2004-12-06 2017-07-10
2.1
None Local Low Not required Partial None None
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
3902 CVE-2004-0596 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
3903 CVE-2004-0587 DoS 2004-08-06 2017-10-10
2.1
None Local Low Not required None None Partial
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
3904 CVE-2004-0565 +Info 2004-12-06 2017-10-10
2.1
None Local Low Not required Partial None None
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
3905 CVE-2004-0564 2004-12-23 2017-07-10
2.1
None Local Low Not required None Partial None
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
3906 CVE-2004-0563 2004-12-23 2017-07-10
2.1
None Local Low Not required Partial None None
The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.
3907 CVE-2004-0559 2004-10-20 2017-07-10
2.1
None Local Low Not required None Partial None
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
3908 CVE-2004-0554 DoS 2004-08-06 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
3909 CVE-2004-0535 Overflow 2004-08-06 2017-10-10
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
3910 CVE-2004-0533 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
3911 CVE-2004-0512 DoS 2004-12-23 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
3912 CVE-2004-0511 DoS 2004-12-23 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
3913 CVE-2004-0497 2004-12-06 2017-10-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
3914 CVE-2004-0491 2004-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
3915 CVE-2004-0484 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
3916 CVE-2004-0481 2005-02-23 2018-10-30
2.1
None Local Low Not required None Partial None
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
3917 CVE-2004-0478 399 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
3918 CVE-2004-0473 2004-07-07 2017-07-10
2.6
None Remote High Not required None Partial None
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
3919 CVE-2004-0471 DoS 2004-07-07 2017-07-10
2.1
None Local Low Not required None None Partial
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
3920 CVE-2004-0462 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
3921 CVE-2004-0452 2004-12-21 2017-10-10
2.6
None Local High Not required None Partial Partial
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
3922 CVE-2004-0445 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
3923 CVE-2004-0427 DoS 2004-07-07 2018-05-02
2.1
None Local Low Not required None None Partial
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
3924 CVE-2004-0423 2004-07-07 2016-10-17
2.1
None Local Low Not required None Partial None
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
3925 CVE-2004-0422 2004-07-07 2017-07-10
2.1
None Local Low Not required None Partial None
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
3926 CVE-2004-0415 2004-11-23 2017-10-10
2.1
None Local Low Not required Partial None None
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
3927 CVE-2004-0407 DoS 2004-06-01 2017-07-10
2.6
None Remote High Not required None None Partial
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
3928 CVE-2004-0394 Overflow 2004-08-18 2017-07-10
2.1
None Local Low Not required Partial None None
A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.
3929 CVE-2004-0388 2004-06-01 2017-10-10
2.1
None Local Low Not required None Partial None
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
3930 CVE-2004-0381 2004-05-04 2017-10-10
2.1
None Local Low Not required None Partial None
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
3931 CVE-2004-0372 2004-04-15 2017-07-10
2.1
None Local Low Not required None Partial None
xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
3932 CVE-2004-0370 2004-05-04 2017-07-10
2.1
None Local Low Not required Partial None None
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
3933 CVE-2004-0351 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.
3934 CVE-2004-0350 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.
3935 CVE-2004-0342 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
3936 CVE-2004-0341 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
3937 CVE-2004-0325 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".
3938 CVE-2004-0320 2004-11-23 2017-10-09
2.1
None Local Low Not required Partial None None
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
3939 CVE-2004-0299 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.
3940 CVE-2004-0289 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.
3941 CVE-2004-0283 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.
3942 CVE-2004-0267 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.
3943 CVE-2004-0256 2004-11-23 2018-05-02
2.1
None Local Low Not required None Partial None
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
3944 CVE-2004-0233 Dir. Trav. 2004-08-18 2017-10-10
2.1
None Local Low Not required None Partial None
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
3945 CVE-2004-0231 2004-08-18 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
3946 CVE-2004-0211 DoS 2004-11-03 2018-10-12
2.1
None Local Low Not required None None Partial
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
3947 CVE-2004-0207 +Priv 2004-11-03 2018-10-12
2.1
None Local Low Not required None Partial None
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
3948 CVE-2004-0181 +Info 2004-06-01 2017-10-10
2.1
None Local Low Not required Partial None None
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
3949 CVE-2004-0180 2004-06-01 2018-05-02
2.6
None Remote High Not required None Partial None
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
3950 CVE-2004-0178 DoS 2004-06-01 2017-10-10
2.1
None Local Low Not required None None Partial
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
Total number of vulnerabilities : 4508   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 (This Page)80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.