Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
Max CVSS
10.0
EPSS Score
0.49%
Published
2007-01-24
Updated
2010-09-15
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
Max CVSS
4.6
EPSS Score
0.05%
Published
2005-10-27
Updated
2018-10-30
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-08-05
Updated
2023-02-13
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
Max CVSS
2.1
EPSS Score
0.11%
Published
2005-08-05
Updated
2023-02-13
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
Max CVSS
5.0
EPSS Score
1.42%
Published
2005-04-14
Updated
2018-10-30
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
Max CVSS
7.5
EPSS Score
1.85%
Published
2005-03-02
Updated
2008-09-05
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Max CVSS
7.5
EPSS Score
0.76%
Published
2005-03-02
Updated
2018-10-19
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
Max CVSS
7.5
EPSS Score
1.71%
Published
2005-03-02
Updated
2018-10-03
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
Max CVSS
5.0
EPSS Score
5.32%
Published
2005-03-14
Updated
2017-10-11
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
Max CVSS
5.0
EPSS Score
5.72%
Published
2005-03-15
Updated
2018-10-03
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
3.46%
Published
2004-10-07
Updated
2017-07-11
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Max CVSS
7.5
EPSS Score
2.59%
Published
2005-05-02
Updated
2017-10-11
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-05-02
Updated
2017-10-11
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-04-27
Updated
2017-10-11
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
Max CVSS
6.8
EPSS Score
2.33%
Published
2005-04-27
Updated
2017-10-11
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Max CVSS
7.5
EPSS Score
10.83%
Published
2005-05-02
Updated
2017-10-11
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Max CVSS
5.0
EPSS Score
4.52%
Published
2004-12-31
Updated
2022-02-28
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-04-14
Updated
2017-10-11
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
Max CVSS
6.2
EPSS Score
0.04%
Published
2005-04-14
Updated
2017-10-11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!