CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4001 CVE-2004-0837 DoS 2004-11-03 2018-09-26
2.6
None Remote High Not required None None Partial
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
4002 CVE-2004-0828 2004-11-03 2017-07-10
2.1
None Local Low Not required None Partial None
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
4003 CVE-2004-0824 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
4004 CVE-2004-0813 Bypass 2004-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
4005 CVE-2004-0812 DoS Exec Code 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
4006 CVE-2004-0797 DoS 2004-10-20 2017-07-10
2.1
None Local Low Not required None None Partial
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
4007 CVE-2004-0770 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.
4008 CVE-2004-0755 2004-10-20 2017-10-10
2.1
None Local Low Not required Partial None None
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
4009 CVE-2004-0752 2004-10-20 2017-10-10
2.1
None Local Low Not required Partial None None
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
4010 CVE-2004-0706 2004-07-27 2017-07-10
2.1
None Local Low Not required Partial None None
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
4011 CVE-2004-0654 DoS 2004-08-06 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).
4012 CVE-2004-0653 2004-08-06 2017-10-10
2.1
None Local Low Not required Partial None None
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
4013 CVE-2004-0622 +Info 2004-12-06 2018-10-19
2.1
None Local Low Not required Partial None None
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
4014 CVE-2004-0618 DoS 2004-12-06 2017-07-10
2.1
None Local Low Not required None None Partial
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
4015 CVE-2004-0602 +Priv 2004-12-06 2017-07-10
2.1
None Local Low Not required Partial None None
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
4016 CVE-2004-0596 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
4017 CVE-2004-0587 DoS 2004-08-06 2017-10-10
2.1
None Local Low Not required None None Partial
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
4018 CVE-2004-0565 +Info 2004-12-06 2017-10-10
2.1
None Local Low Not required Partial None None
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
4019 CVE-2004-0564 2004-12-23 2017-07-10
2.1
None Local Low Not required None Partial None
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
4020 CVE-2004-0563 2004-12-23 2017-07-10
2.1
None Local Low Not required Partial None None
The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.
4021 CVE-2004-0559 2004-10-20 2017-07-10
2.1
None Local Low Not required None Partial None
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
4022 CVE-2004-0554 DoS 2004-08-06 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
4023 CVE-2004-0535 Overflow 2004-08-06 2017-10-10
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
4024 CVE-2004-0533 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
4025 CVE-2004-0512 DoS 2004-12-23 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
4026 CVE-2004-0511 DoS 2004-12-23 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
4027 CVE-2004-0497 2004-12-06 2017-10-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
4028 CVE-2004-0491 2004-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
4029 CVE-2004-0484 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
4030 CVE-2004-0481 2005-02-23 2018-10-30
2.1
None Local Low Not required None Partial None
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
4031 CVE-2004-0478 399 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
4032 CVE-2004-0473 2004-07-07 2017-07-10
2.6
None Remote High Not required None Partial None
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
4033 CVE-2004-0471 DoS 2004-07-07 2017-07-10
2.1
None Local Low Not required None None Partial
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
4034 CVE-2004-0462 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
4035 CVE-2004-0452 2004-12-21 2017-10-10
2.6
None Local High Not required None Partial Partial
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
4036 CVE-2004-0445 DoS 2004-07-07 2017-07-10
2.6
None Remote High Not required None None Partial
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
4037 CVE-2004-0427 DoS 2004-07-07 2018-05-02
2.1
None Local Low Not required None None Partial
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
4038 CVE-2004-0423 2004-07-07 2016-10-17
2.1
None Local Low Not required None Partial None
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
4039 CVE-2004-0422 2004-07-07 2017-07-10
2.1
None Local Low Not required None Partial None
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
4040 CVE-2004-0415 2004-11-23 2017-10-10
2.1
None Local Low Not required Partial None None
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
4041 CVE-2004-0407 DoS 2004-06-01 2017-07-10
2.6
None Remote High Not required None None Partial
The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish.
4042 CVE-2004-0394 Overflow 2004-08-18 2017-07-10
2.1
None Local Low Not required Partial None None
A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.
4043 CVE-2004-0388 2004-06-01 2017-10-10
2.1
None Local Low Not required None Partial None
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
4044 CVE-2004-0381 2004-05-04 2017-10-10
2.1
None Local Low Not required None Partial None
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
4045 CVE-2004-0372 2004-04-15 2017-07-10
2.1
None Local Low Not required None Partial None
xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
4046 CVE-2004-0370 2004-05-04 2017-07-10
2.1
None Local Low Not required Partial None None
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
4047 CVE-2004-0351 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.
4048 CVE-2004-0350 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.
4049 CVE-2004-0342 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
4050 CVE-2004-0341 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
Total number of vulnerabilities: 4610 (this page: 81 of 93)