X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Max CVSS
7.8
EPSS Score
1.88%
Published
2004-12-31
Updated
2017-07-11
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
0.86%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.
Max CVSS
5.0
EPSS Score
1.57%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-31
Updated
2008-09-05
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
Max CVSS
6.4
EPSS Score
0.17%
Published
2004-12-31
Updated
2024-03-21
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
Max CVSS
2.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2018-10-03
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
Max CVSS
7.5
EPSS Score
0.45%
Published
2004-12-31
Updated
2017-10-11
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
Max CVSS
5.0
EPSS Score
1.45%
Published
2004-08-09
Updated
2017-07-11
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
Max CVSS
10.0
EPSS Score
13.31%
Published
2004-08-09
Updated
2017-07-11
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-31
Updated
2016-10-18
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-27
Updated
2017-07-11
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
Max CVSS
2.1
EPSS Score
0.09%
Published
2004-10-04
Updated
2023-03-24
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-23
Updated
2017-07-11
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
Max CVSS
5.0
EPSS Score
2.33%
Published
2004-12-31
Updated
2018-10-19
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Max CVSS
7.5
EPSS Score
1.06%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2008-09-10
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
Max CVSS
5.0
EPSS Score
0.75%
Published
2004-12-23
Updated
2017-07-11
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
Max CVSS
10.0
EPSS Score
2.69%
Published
2004-12-06
Updated
2017-07-11
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Max CVSS
10.0
EPSS Score
0.50%
Published
2004-12-06
Updated
2017-07-11
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-07-11
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
Max CVSS
5.0
EPSS Score
0.93%
Published
2004-12-06
Updated
2017-07-11
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
3.54%
Published
2004-12-31
Updated
2017-07-11
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-08-06
Updated
2016-11-28
36 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!