| UNIX / LINUX Operating Systems Only |
Vendor & Software Name |
Common Name |
Risk |
Source |
4D, Inc.
4D WebSTAR 5.3.2 and prior versions |
4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users |
High |
SB04-203
|
ACPID
ACPID 1.0.1, 1.0.3 |
ACPID Insecure Umask Directory Permissions |
Low |
SB04-336 |
| Activestate
ActivePerl 5.6.1 .630- 5.8, RedHat Cygwin 1.5 -1- 1.5.9 -1
|
Multiple Perl Implementation System Function Call Buffer Overflow Vulnerability |
High |
SB04-147 |
Adobe Systems
Adobe Acrobat Reader 5.05 and 5.06 |
Adobe Acrobat Reader Shell Command Injection and Buffer Overflow Vulnerability
CVE Names:
CAN-2004-0630
CAN-2004-0631 |
High |
SB04-245
SB04-231 |
Adobe Systems
Adobe Acrobat Reader 5.05 and 5.06 |
Adobe Acrobat Reader Shell Command Injection & Buffer Overflow Vulnerability
CVE Names:
CAN-2004-0630
CAN-2004-0631 |
|
SB04-259 |
Adobe
Adobe Acrobat Reader 5.0.9 for Unix |
Adobe Acrobat Reader mailListIsPdf() Buffer Overflow
CVE Name:
CAN-2004-1152
|
High |
SB04-357
SB04-364 |
Adobe
Adobe Version Cue on Mac OS X |
Adobe Version Cue Start/Stop Scripts Arbitrary Script Execution |
High |
SB04-350 |
AIM Sniff
AIM Sniff 0.6-0.9 |
AIM Sniff Insecure Temporary File Creation |
Medium |
SB04-058 |
Aladdin Enterprises
Ghostscript 4.3, 4.3.2, 5.10 cl, 5.10.10 -1 mdk, 5.10.10 -1, 5.10.10 mdk, 5.10.10, 5.10.12 cl, 5.10.15, 5.10.16, 5.50, 5.50.8 _7, 5.50.8, 6.51, 6.52, 6.53, 7.0 4-7.07 |
GhostScript Insecure Temporary File Creation
CVE Name:
CAN-2004-0967
|
Medium |
SB04-301
SB04-280 |
Alvaro Lopez Ortega
Cherokee HTTPD 0.1, 0.1.5, 0.1.6, 0.2, 0.2.5-0.2.7, 0.4.6-0.4.8, 0.4.17 |
Cherokee HTTPD Auth_Pam Authentication Remote Format String
|
High |
SB04-315 |
Amir Malik
QwikMail 0.3 |
Amir Malik QwikMail Buffer Overflow |
High |
SB04-357 |
Andrew Tridgell
Jitterbug 1.62 & prior |
Jitterbug CGI Remote Arbitrary Command Execution
CVE Name:
CAN-2004-0028 |
High |
CyberNotes-2004-02 |
Andrew W. Rogers
pcal 0.7.1 |
Andrew W. Rogers pcal Buffer Overflows |
High |
SB04-357 |
Angello Rosiello
Rosiello Security rpf 1.2.2 |
Angello Rosiello Security RPF Multiple Remote And Local Vulnerabilities |
High |
SB04-364 |
Anoakie Turner
GREED (Get and Resume Elite EDition) 0.81p |
Anoakie Turner GREED 'DownloadLoop()' Function |
High |
SB04-357 |
Anton Raharja
PlaySMS 0.6, 0.7 |
PlaySMS SQL Input Validation |
High |
SB04-245 |
Apache Software Foundation
|
Apache Web Server Remote Denial of Service
CVE Name:
CAN-2004-0942
|
Low |
SB04-329
SB04-315 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.48 |
Apache Connection Blocking Denial of Service
CVE Name:
CAN-2004-0174
|
Low |
SB04-105
SB04-119
SB04-091 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.48 |
Apache Error Log Escape Sequence Injection
CVE Name:
CAN-2003-0020
|
High |
SB04-119
SB04-105
SB04-091 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50; Avaya Converged Communications Server 2.0,
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0 |
|
Low |
SB04-343
SB04-308
SB04-273
SB04-266
SB04-259
SB04-252
|
Apache Software Foundation
Apache 2.0.35- 2.0.48 |
Apache Mod_SSL HTTP Request Remote Denial of Service
CVE Name:
CVE-2004-0113
|
Low |
SB04-119
SB04-091
SB04-077 |
Apache Software Foundation
Apache 2.0.35-2.0.52 |
Apache mod_ssl SSLCipherSuite Access Validation
CVE Name:
CAN-2004-0885
|
Medium |
SB04-350
SB04-336
SB04-322
SB04-315
SB04-301
SB04-294 |
Apache Software Foundation
Apache 2.0.50 |
|
Low |
SB04-343
SB04-308
SB04-273
SB04-266
SB04-259
|
Apache Software Foundation
Conectiva
Gentoo
HP
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Trustix
Apache 1.3.26‑1.3.29, 1.3.31;
OpenBSD –current, 3.4, 3.5 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343
SB04-329
SB04-315
SB04-308
SB04-294
SB04-189
SB04-175 |
Apache Software Foundation
Gentoo
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Tinysofa
Trustix
Apache 1.3-2.0.49 |
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow
CVE Name:
CAN-2004-0488
|
Low/High
(High if arbitrary code can be executed)
|
SB04-294
SB04-147 |
Apache Software Foundation
Apache 2.0.49 (Win32) with PHP 5.0.0 RC2 |
Apache Can Be Crashed By PHP Code |
Low |
SB04-231 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31 |
|
High |
SB04-350
SB04-336
SB04-329
SB04-315
SB04-301 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7 –dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17 1.3.20, 1.3.22- 1.3.29 |
|
Medium |
SB04-077 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.49 |
Apache mod_disk_cache Module Client Authentication Credential Disclosure |
Medium |
SB04-091 |
Apache Software Foundation
Apache 2.0.51 |
Apache Satisfy Directive Access Control Bypass
CVE Name:
CAN-2004-0811
|
Medium |
SB04-308
SB04-273 |
Apache Software Foundation
Gregory Trubetskoy mod_python 2.7-2.7.8, 3.0-3.0.3 |
Apache mod_python Module Remote Denial of Service
CVE Name:
CAN-2003-0973
|
Low |
SB04-119 |
Apache Software Foundation
Mod_perl version 1.99_09 with Apache 2.0.47 |
Apache mod_perl Module File Descriptor Leakage |
Medium |
CyberNotes-2004-02 |
Apache Software Foundation
PHP 4.2.x, 4.3.x; running with Apache 2.0.x |
Apache ‘mod_php’ Module Information Disclosure |
Medium |
CyberNotes-2004-01 |
Apache-ssl.org
Apache-SSL 1.3.28+ 1.52 & prior |
Apache-SSL Client Certificate Forging |
Medium |
SB04-058 |
Apple Computer
Panther 10.3.4 - Internet Connect 1.3 |
Apple 'Internet Connect.app' Uses an Unsafe Temporary File That Lets Local Users Gain Root Privileges |
Medium |
SB04-217 |
Apple Computer Inc
OS X 10.3-10.3.3
|
Apple Mac OS X help system may interpret inappropriate local script files
CAN-2004-0486
|
High |
SB04-147 |
| Apple Computer Inc.
Apple Macintosh OS X |
|
High |
SB04-147 |
Apple
iCal 1.5.3 |
Apple iCal Calendar Import Alarm Notification Failure
CVE Name:
CAN-2004-1021
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-336 |
Apple
iChat 1.0.1, AV 2.0, 2.1 |
|
High |
SB04-266 |
Apple
Mac OS X 10.0- 10.0.4, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2, Mac OS X Server 10.0, 10.2- 10.2.8, 10.3- 10.3.2 |
MacOSX Buffer Overflow
CVE Name:
CAN-2003-1006 |
High |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X ASN.1 Decoding Unspecified Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X ‘fs_usage‘ Elevated Privileges |
Medium |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X AppleFile Server Unspecified |
Low |
CyberNotes-2004-01 |
Apple
MacOS X, MacOS X Server, Darwin |
MacOS X SecurityServer Daemon Denial of Service |
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
| Apple
Mac OS X 10.2.8, 10.3.4, OS X Server 10.2.8, 10.3.4 |
|
High/Medium
(Medium if elevated privileges can be obtained)
|
SB04-245
SB04-175 |
| Apple
Mac OS X 10.3-10.3.3, Mac OS X Server 10.3-10.3.3
|
Mac OS X Multiple Security Vulnerabilities
|
Not Specified |
SB04-175
SB04-161 |
Apple
Darwin Streaming Server 4.1.3, Darwin Streaming Server 4.1.3 |
QuickTime/Darwin Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-0169
|
Low |
SB04-077 |
Apple
Darwin
Streaming Server 5.0.1 on Mac OS X 10.2.8 or 10.3.6 Server |
Apple Darwin Streaming Server DESCRIBE Null Byte Denial of Service
CVE Name:
CAN-2004-1123
|
Low |
SB04-350 |
Apple
Mac OS X 10.0 3, 10.0- 10.0.4, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2 |
Mac OS X Apple Filing Protocol Client Multiple Vulnerabilities |
Medium |
SB04-077 |
Apple
Mac OS X 10.2- 10.2.8, 10.3- 10.3.3, Mac OS X Server 10.2- 10.2.8, 10.3- 10.3.3 |
|
Medium |
SB04-133 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Apache File Handlers Bypass & Directly Access
CVE Name:
CAN-2004-1084 |
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Apache on Apple HFS+ '.DS_Store' Files Disclosure
CVE Name:
CAN-2004-1083
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple AppKit Secure Input
CVE Name:
CAN-2004-1081 |
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Cyrus IMAP Server Remote Mailbox Access
CVE Name:
CAN-2004-1089
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Server |
Apple Apache mod_digest_apple Authentication Credentials Replay
CVE Name:
CAN-2004-1082
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Server |
Apple QuickTime Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-1123 |
Low |
SB04-343 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5 |
Apple QuickTime Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-0825
|
Low |
SB04-266
SB04-259 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5
|
PPPDialer Unsafe Log Files Elevated Privileges
CVE Name:
CAN-2004-0824
|
Medium |
SB04-259 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5 |
Apple Safari Frame Remote Arbitrary Code Execution
CVE Name:
CAN-2004-0720
|
High |
SB04-259 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Terminal Incorrect 'Secure Keyboard Entry' Status
CVE Name:
CAN-2004-1087 |
Low |
SB04-343 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Postfix CRAM-MD5 Replay Attack
CVE Name:
CAN-2004-1088 |
Medium |
SB04-343 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple PSNormalizer Buffer Overflow
CVE Name:
CAN-2004-1086 |
High |
SB04-343 |
Apple
Mac OS X 10.3.6 Client; Mac OS X 10.3.6 Server
|
Apple HIToolbox Kiosk Mode Application Quit
CVE Name:
CAN-2004-1085
|
Low |
SB04-343 |
Apple
Mac OS X 10.3.x, 10.2.x |
Mac OS X TruBlue Environment Local Buffer Overflow
CVE Name:
CAN-2004-0089
|
High |
CyberNotes-2004-03 |
Apple
Mac OS X Server 10.0, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2 |
Mac OS X Server Administration Service Remote Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-091 |
Apple
MacOS X 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2,
MacOS X Server 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2
|
|
Medium |
SB04-077 |
Apple
MacOS X 10.2.8, 10.3.4, 10.3.5 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-252 |
Apple
MacOS X 10.2.8, 10.3.5 |
Postfix Buffer Error Remote Authentication Prevention
CVE Name:
CAN-2004-0925
|
Medium |
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5
|
|
High |
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5 |
|
Medium |
SB04-308
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5 |
NetInfo Manager Root Account Status Display
CVE Name:
CAN-2004-0924 |
Medium |
SB04-280 |
Apple
MacOS X 10.3.5 |
|
Medium |
SB04-280 |
Apple
Remote Desktop 2.0 |
Apple Remote Desktop Administrator Privilege Elevation
CVE Name:
CAN-2004-0962
|
High |
SB04-308 |
Apple
Safari 1.0 - 1.2.3 |
Apple Safari Web Browser HTML Form Status Bar Misrepresentation |
Medium |
SB04-357 |
Apple
Safari 1.2.3 |
Apple Safari Cross-Domain Dialog Box Spoofing |
Medium |
SB04-301 |
Apple
Safari 1.2.4 |
Apple Safari Open Windows Injection |
High |
SB04-357
SB04-350 |
Apple
Safari Beta 2, 1.0, 1.1 |
Safari Denial of Service
|
Low |
SB04-077 |
Apple
Safari Beta 2, 1.0-1.2.3 |
Apple Safari Web Browser Infinite Array Sort Denial of Service |
Low |
SB04-336 |
APSIS
Pound 1.5 |
Pound Remote Format String
|
High |
SB04-133 |
ARJ Software Inc.
UNARJ 2.62-2.65 |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name:
CAN-2004-0947
|
High |
SB04-350
SB04-329
SB04-322 |
Astaro
Conectiva
Debian
Devil-Linux
Mandrake
RedHat
Slackware
SuSE
TurboLinux
Trustix
Linux kernel 2.4.18, 2.4.19, 2.4.21-2.4.26, 2.6-2.6.7
|
|
Medium |
SB04-189
SB04-175 |
Astaro
Astaro Security Linux 4 |
Astaro Security Linux System Information Disclosures |
Medium |
SB04-315 |
AStArt Technologies
LPRng 3.8.28 |
AStArt Technologies LPRng "lprng_certs.sh" Script Insecure Temporary File Creation |
High |
SB04-364 |
Atari
Atari800 1.3.1 & prior |
Atari800 Emulator Multiple Buffer Overflows
CVE Name:
CAN-2004-1076
|
High |
SB04-357
SB04-350
SB04-336 |
AtBas
2fax 3.04 |
AtBas 2fax expandtabs() Buffer Overflow |
High |
SB04-357
|
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, and 8.1 SP2; and prior service packs |
WebLogic Administrative Console Password Disclosure |
Medium |
SB04-259 |
| Bell Labs
Unix Seventh Edition
|
Mkdir Buffer Overflow
|
High |
SB04-161 |
Ben Yacoub Hatem
MySQL Backup Pro 1.0.5-1.0.7 |
MySQL Backup Pro Information Disclosure |
Medium |
SB04-245 |
Benchmark Design
WHM Autopilot 2.4.5 and prior |
Benchmark Designs' WHM Autopilot Backdoor Allows Plaintext Credential Leakage |
Medium |
SB04-231 |
Bharat Mediratta
Gallery 1.4.4 |
|
High |
SB04-252
SB04-245 |
Bharat Mediratta
Gallery 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1. |
Gallery Remote 'register_globals' Code Execution |
High |
CyberNotes-2004-03 |
BitWizard
mtr 0.55 through 0.65 |
BitWizard mtr 'mtr_curses_keyaction()' Function Buffer Overflow |
Medium |
SB04-350 |
| blosxom.com
Blosxom 2.0 |
Blosxom ‘Writeback’ Plug-in Cross-Site Scripting |
High |
SB04-175 |
| BNBT
BitTorrent Beta 7.5 Release 2 and prior versions
|
BNBT BitTorrent Tracker Denial Of Service |
Low/High (High if arbitrary code can be executed) |
SB04-147 |
| BNBT
cbtt75_20040515
|
CBTT Can Be Crashed By Remote Users Sending Specially Crafted HTTP Basic Authentication Headers |
Low |
SB04-147 |
Bolthole
Filter 2.6.1 |
Bolthole Filter save_embedded_address() Buffer Overflow |
High |
SB04-357
|
Botan
Botan 1.3-1.3.6 |
Botan ‘Es_Unix’ Elevated Privileges |
Medium |
CyberNotes-2004-01 |
Brad Fears
PhpCode Cabinet 0.1-0.4 |
PHPCode Cabinet Multiple Cross-Site Scripting |
High |
SB04-058 |
Brad Fears
PhpCode Cabinet 0.2-0.4 |
PHPCode Cabinet Arbitrary Code Execution |
High |
SB04-058 |
British National Corpus
SARA |
SARA Remote Buffer Overflow |
High |
SB04-245 |
BSD
csv2xml 0.5.1 |
BSD csv2xml get_csv_token() Buffer Overflow |
High |
SB04-357 |
bsd-games
bsd-games 2.9, 2.12-2.14 |
BSD-Games File Name Buffer Overflow |
Medium |
SB04-119 |
BSD
Junkie: 0.3.1 |
BSD Junkie Input Validation Holes |
High |
SB04-357 |
BSD
tnftp 20030825 |
BSD tnftp mget() Input Validation Hole |
High |
SB04-357 |
| BusyBox
Linux Utilities 1.0 pre9, Linux Utilities 1.0 pre8, Linux Utilities 1.0 pre10
|
BusyBox Local Netlink Mishandling Vulnerability |
Low |
SB04-147 |
| Caolan McNamara & Dom Lachowicz
wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0 |
|
|
SB04-343
SB04-315
SB04-266
SB04-259
SB04-203 |
Caolan McNamara
XInterceptTalk xitalk 1.1.11 |
XInterceptTalk XITalk Arbitrary Command Execution
|
Medium |
SB04-077 |
| Carl Harris
pop client 3.0 b6
|
pop client Off-By-One Overflow
|
High/Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
Carnegie Mellon University
Cyrus IMAP Server 2.2.9 and prior versions |
Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow
CVE Name:
CAN-2004-1067 |
High |
SB04-350 |
Carnegie Mellon University
Cyrus IMSP Daemon 1.4, 1.5a6, 1.6a3, 1.7 |
Cyrus IMSP Daemon Remote Buffer Overflow |
High |
|
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Cyrus SASL Buffer Overflow & Input Validation
CVE Name:
CAN-2004-0884
|
|
SB04-322
SB04-294
SB04-287 |
Carsten Haitzler
imlib 1.x |
Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name:
CAN-2004-1026
CAN-2004-1025 |
High |
SB04-364
SB04-357
SB04-350
SB04-343 |
Caudium
Caudium 1.2 .x, 1.3 .x, 1.4.1, 1.4.2. 1.4.4 RC1 |
Caudium Off-by-One Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-308 |
cdp.Sourceforge.net
cdp 0.4, 0.33 |
CDP PrintTOC Function Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-119
SB04-105 |
CGIscript.NET
csFAQ |
csFAQ Path Disclosure |
Medium |
SB04-203 |
Charles Cazabon
getmail 4.0.0b10, 4.0-4.0.13, 4.1-4.1.5; Gentoo Linux 1.4 |
Getmail Privilege Escalation |
Medium |
SB04-287
SB04-280
SB04-273 |
Cherokee
Cherokee 0.x |
Cherokee Cross-Site Scripting
|
High |
CyberNotes-2004-03 |
Chris Walshaw
abc2mtex 1.6.1 |
Chris Walshaw abc2mtex process_abc() Buffer Overflow |
High |
SB04-357 |
Christoph Appel
Perl Crypt::ECB 1.1 -2, 1.1 |
Christoph Appel Perl Crypt::ECB Incorrect Block Encryption |
Medium |
SB04-357 |
Christoph Dalitz
abctab2ps 1.6.3 |
Christoph Dalitz abctab2ps Buffer Overflows |
High |
SB04-357 |
Citadel Systems
Citadel/UX 6.27 and prior versions |
Citadel/UX Format String |
High |
SB04-350 |
Citadel/UX
Citadel/UX 5.90, 5.91 |
Citadel/UX Insecure Default Permissions |
Medium |
SB04-119 |
Citadel/UX
Citadel/UX 6.23 and prior |
Citadel/UX Remote Buffer Overflow Vulnerability |
High |
SB04-217 |
Clam Anti-Virus
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68 |
Clam Anti-Virus ClamAV Arbitrary Command Execution |
High |
SB04-105 |
clamav.sourceforge.net
Clam Anti-Virus ClamAV 0.65 |
ClamAV Daemon Remote Denial of Service
|
Low |
SB04-058 |
clamav.sourceforge.net
ClamAV 0.65, 0.67 |
ClamAV RAR Archive Remote Denial of Service
|
Low |
SB04-091 |
Computer Associates
Inoculate IT 6.0 |
InoculateIT Insecure Default Installation |
Medium |
SB04-058 |
Concurrent Versions System
Caldera
Conectiva
Debian
Fedora
FreeBSD
Gentoo
Immunix
Mandrake
OpenBSD
OpenPKG
NetBSD
RedHat
SGI
Slackware
SuSE
TurboLinux
CVS 1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature);
Gentoo Linux 1.4;
NetBSD Current, 1.6-1.6.2
|
|
High |
SB04-161 |
| Concurrent Versions System
1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature)
|
|
Medium |
SB04-147 |
Concurrent Versions Systems (CVS) 1.11 |
CVS Undocumented Flag Information Disclosure
CVE Name:
CAN-2004-0778 |
Low |
SB04-301
SB04-287
SB04-273 |
CPAN WWW::Form
CPAN WWW::Form 1.12 & prior |
CPAN WWW::Form HTML Injection |
High |
CyberNotes-2004-03 |
| cPanel Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel Unauthorized Database Password Changes |
Medium |
SB04-175 |
| cPanel, Inc.
cluecentral suexec.patch
|
cPanel ‘mod_php’ suEXEC Trait
|
High |
SB04-175 |
| cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4- 6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
CPanel Perl Script Failure To Implement Taint Mode |
High |
SB04-175 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel Login Script Remote Command Execution
|
|
SB04-077 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel ‘dir’ Field Cross-Site Scripting
|
|
SB04-077 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel ‘Resetpass’ Remote Command Execution |
|
SB04-077 |
CPanel, Inc.
cPanel 9.1 |
CPanel Multiple Remote Cross-Site Scripting Vulnerabilities
|
High |
SB04-091 |
cPanel, Inc.
cPanel 9.1.0-R85 |
cPanel Multiple Module Cross-Site Scripting |
High |
SB04-105 |
| CPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4, 6.4.1, 6.4.2 STABLE_48, 6.4.2, 7.0. 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel Apache ‘mod_phpsuexec’ Options
|
High
|
SB04-161 |
| cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4, 6.4.1, 6.4.2 .STABLE_48, 6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel ‘/scripts/killacct’ Script Customer Account DNS Information Deletion |
Medium |
SB04-161 |
cPanel, Inc.
cPanel 9.4.1-RELEASE-64; 9.9.1-RELEASE-3 |
cPanel Backup & FrontPage Management Remote Arbitrary File Modifications |
Medium/High
(High if root access can be obtained)
|
SB04-301
SB04-294 |
cPanel, Inc.
cPanel 9.4.1-STABLE 65 |
cPanel Truncated Password Brute Force |
Medium |
SB04-301 |
Cscope
Cscope 13.0, 15.1, 15.3-15.5 |
Cscope Insecure Temporary File Creation & #include Statement Buffer Overflow
CVE Name:
CAN-2004-0996
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-329 |
CVS
Caldera
Conectiva
Debian
Fedora
Gentoo
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Slackware
SuSE
CVS 1.10.7, 1.10.8, 1.11‑1.11.6, 1.11.10, 1.11.11, 1.11.14‑1.11.16, 1.12.1, 1.12.2, 1.12.5, 1.12.7, 1.12.8; Gentoo Linux 1.4; OpenBSD –current, 3.4, 3.5; OpenPKG Current, 1.3, 2.0 |
|
Low/High
(Low if a DoS; and High if arbitrary code can be executed)
|
SB04-287
SB04-273
SB04-175 |
cvstrac.org
CVSTrac 1.1.3 |
CVSTrac "filediff" Arbitrary Command Execution Vulnerability |
High |
SB04-231 |
D. J. Bernstein
QMail 1.03 |
QMail Remote Denial of Service |
Low |
CyberNotes-2004-02 |
dadaIMC
dadaimc 0.95-0.98.2 |
dadaIMC HTML Injection |
High |
SB04-301 |
Dan Bernstein
QMail 1.03, 1.02 |
Mail-QMTPD Buffer Overflow |
Medium |
SB04-077 |
DansGuardian
Webmin Module prior to 0.5.9 |
Webmin Module Remote Directory Traversal |
Medium |
CyberNotes-2004-02 |
Dave McMurtrie
up-imapproxy, 1.2.2 |
Up-IMAPProxy Multiple Remote Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-322 |
| Dave White
Dr. Cat 0.5 .0-beta
|
Dr.Cat Drcatd Multiple Local Buffer Overflows |
High |
SB04-189 |
David Collier-Brown
ssmtp 2.50.6 |
SSMTP Mail Transfer Agent Symbolic Link |
Low/Medium
(Medium if files are corrupted or elevated privileges are obtained)
|
SB04-119 |
David Collier-Brown
ssmtp 2.50.6 |
SSMTP Mail Transfer Format String Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SB04-133
SB04-119 |
David Giffin
xlreader 0.9.0 |
David Giffin xlreader book_format_sql() Buffer Overflow |
High |
SB04-357 |
David Lechnyr
Confirm 0.50-0.55, 0.60-0.62 |
Confirm E-Mail Header Remote Command Execution |
High |
SB04-077 |
David Stes
IPMenu Netfilter/IPtables Rule Editor .1, Editor .2, Editor .3 |
IPMenu Unsafe 'ipmenu.log' Temporary File |
Medium |
SB04-133 |
| Debian
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
sup sup 1.8
|
|
High |
SB04-175 |
Debian
FSP Suite 2.x |
Debian FSP Vulnerabilities
CVE Names:
CAN-2004-0001
CAN-2003-1022 |
Medium/High
(High if arbitrary code can be executed) |
|
Debian
GNU/Linux unstable alias sid, GNU/Linux 3.0 |
Netpbm Temporary File
CVE Name:
CAN-2003-0924 |
Medium |
|
Debian
libapache-mod-ssl, courier (sqwebmail), mailreader |
Debian updates for libapache-mod-ssl, courier, and mailreader |
High |
SB04-217 |
Debian
telnetd 0.17 -25, 0.17 -18 |
Debian GNU/Linux Telnetd Invalid Memory Handling
CVE Name:
CAN-2004-0911
|
Low/High
(High if arbitrary code can be executed)
|
SB04-301
SB04-287 |
Debian
Debian GNU/Linux 3.0, Debian GNU/Linux unstable alias sid
|
Debian hpsockd Buffer Overflow Vulnerability
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
Debian
debmake |
|
High |
SB04-364 |
Dom Lachowicz
AbiWord 2.0.7 and prior |
Dom Lachowicz AbiWord "wv" Library Buffer Overflow |
High |
SB04-343 |
Donald R Woods
Spider 1.1 |
Spider Game Buffer Overflow |
High |
SB04-280 |
Double Precision, Inc.
Inter7 Courier-IMAP 1.6, 1.7, 2.0 .0, 2.1- 2.1.2, 2.2 .0. 2.2.1 |
|
High |
SB04-252
SB04-245 |
Doug Hanks
sudosh 1.0, 1.1, 1.2.2, 1.2.3, 1.3, 1.3.2, 1.3.4-1.3.6 |
Sudosh Shell Environment Variable Processing |
Not Specified |
SB04-308 |
Downhill Battle
Blog Torrent Preview Version 0.8 |
Downhill Battle Blog Torrent 'btdownload.php' Input Validation
|
|
SB04-343 |
ECW-Shop
ECW-Shop 5.01, 5.5 |
ECW-Shop ‘Cat’ Parameter Cross-Site Scripting |
High |
|
Eggheads Development Team
Eggdrop IRC bot 1.6.10- 1.6.15 |
Eggdrop ‘Share Mod’ Remote Sharebot Status |
High |
SB04-058 |
emil
emil 2.0.4, 2.0.5, 2.1.0-beta9 |
Emil Multiple Buffer Overflow & Format String |
High |
SB04-119
SB04-091 |
EnderUNIX SDT
Hafiye 1.0 |
Hafiye Terminal Escape Sequence |
High |
SB04-245 |
EnderUNIX SDT
Isoqlog 2.1.1, 2.2 beta
|
Isoqlog Multiple Buffer Overflows
|
High
|
SB04-161 |
EnderUNIX SDT
Spamguard 1.6
|
Spamguard Multiple Buffer Overflows
|
High |
SB04-161 |
energymech.net
EnergyMech 2.99.79 & prior |
EnergyMech ESAY Command Buffer Overflow |
Not Specified |
SB04-336 |
Epic Games, Inc.
Unreal Tournament |
|
High |
SB04-203 |
Eric Raymond
cstrings 2.x |
cstrings Insecure Temporary File Creation |
Medium |
CyberNotes-2004-02 |
Eric S. Raymond
Email Filter 0.9 .0.5, 0.9 .0.4, 0.9 .0.3, 0.92, 0.92.4, 0.92.6, 0.92.7 |
Bogofilter EMail Filter Remote Denial of Service
CVE Name:
CAN-2004-1007
|
Low |
SB04-329
SB04-315 |
Esearch
Gentoo
emerge search tool 0.3.1, 0.4-0.4.2, 0.5-0.5.3, 0.6, 0.6.1
|
Esearch eupdatedb Symbolic Link |
Medium |
SB04-189 |
eSeSIX Computer GmbH
Thintune OS 2.4.38 |
Thintune Client Multiple Vulnerabilities |
Medium |
SB04-217 |
Ethereal
Ethereal 0.x |
Ethereal: Multiple security problems
CVE Names:
CAN-2004-0633
CAN-2004-0634
CAN-2004-0635 |
Low/High
(High if arbitrary code can be executed)
|
SB04-231
SB04-203
SB04-259 |
extremail.com
eXtremail 1.0-1.0.3, 1.1- 1.1.10,
1.5 –8, 1.5 –5, 1.5, 1.5.9
|
eXtremail Authentication Bypass |
Medium |
SB04-077 |
eXtropia
WebStore (version unknown) |
eXtropia WebStore Input Validation Bug Lets Remote Users Execute Arbitrary Commands |
High |
SB04-203 |
Federico D. Sacerdoti
Ansel 2.1 |
Federico D. Sacerdoti Ansel "image" SQL Injection & Script Insertion |
High |
SB04-343 |
Federico David Sacerdoti
Ansel 1.2, 1.3, 1.4, 2.0 |
Federico David Sacerdoti Ansel Insecure Default Permissions
|
Medium |
SB04-294 |
Fedora Project
Fedora Core 1
Fedora Core 2 |
Fedora update for httpd |
Medium |
SB04-203 |
Fedora Project
Fedora Core 2 |
Fedora im-switch Insecure Temporary File Creation Vulnerability |
Medium |
SB04-203 |
fidogate.org
FIDOGATE 4.4.5-4.4.7, 4.4.9 |
FIDOGATE Input Validation |
Medium |
SB04-245 |
| Firebird
Firebird 1.0
|
Firebird Remote Database Name Buffer Overflow
|
High/Low
(High if arbitrary code can be executed)
|
SB04-161 |
Florian Heinz
Nstx IP Over DNS Utility 1.0, 1.1, beta1-beta3 |
NSTX Remote Denial of Service
|
Low |
SB04-091 |
fprobe.sourceforge.net
fprobe 1.x |
fprobe Flaw in 'Change User' Feature |
Not Specified |
SB04-273 |
Fred Dalrymple
Docbook-to-Man |
Fred Dalrymple Docbook-to-Man Insecure Temporary File Creation |
High |
SB04-364 |
Fredric Fredricson
P4DB Repository Web Interface 0.99 h-2, 2.0 1, 2.0 |
P4DB Multiple Input Validation
|
High |
SB04-133 |
Free Software Foundation
CatDoc 0.91.5 |
CatDoc XLSView Local Insecure Temporary File Creation
CVE Name:
CAN-2003-0193
|
Medium |
SB04-308 |
Free Software Foundation
rootsh prior to version 1.4.1 |
Free Software Foundation rootsh Security Bypass |
Medium |
SB04-350 |
FreeBSD
fetch |
FreeBSD fetch() Buffer Overflow |
High |
SB04-329 |
| FreeBSD
FreeBSD 4.0-RELENG, 4.8-RELENG, 4.8-RELEASE-p7, 4.8-PRERELEASE, 4.8, 4.9-RELENG, 4.9-PRERELEASE, 4.9, 4.10-RELENG, 4.10-RELEASE, 4.10, 5.2-RELENG, 5.2-RELEASE, 5.2, 5.2.1-RELEASE
|
|
Medium |
SB04-161 |
| FreeBSD
FreeBSD 4.10 –RELEASE, 5.1 –RELENG, 5.1 -RELEASE/Alpha, 5.1 -RELEASE-p5, 5.1 –RELEASE, 5.1, 5.2.1 -RELEASE
|
FreeBSD execve() Denial of Service
|
Low |
SB04-189 |
| FreeBSD
FreeBSD 4.8, 4.9, 4.10, 5.2
|
FreeBSD Linux Binary Compatibility Memory Access
CVE Name:
CAN-2004-0602
|
Medium/Low
(Medium if sensitive information can be obtained or elevated privileges; and Low if a DoS)
|
SB04-189 |
| FreeBSD
FreeBSD 4.x
|
FreeBSD ‘jail(2)’ Routing Table Modification
CVE Name:
CAN-2004-0125
|
Medium |
SB04-175 |
FreeBSD
OpenBSD 3.x;
NetBSD 1.x;
FreeBSD 4.x, 5.x
|
|
Medium |
CyberNotes-2004-03 |
FreeBSD Project
FreeBSD Kernel |
FreeBSD Kernel Memory Disclosure
CVE Name:
CAN-2004-1066 |
Medium |
SB04-343 |
FreeBSD
SSLTelnet version 0.13-1 |
SSLTelnet Remote Format String Vulnerability
CVE Name:
CAN-2004-0640 |
High |
SB04-203 |
FreeBSD/OpenBSD
FreeBSD 4.6.2, 4.7-4.9, 5.0-5.2;
OpenBSD 3.3, 3.4
|
BSD Out-of-Sequence Packets Remote Denial of Service
CVE Name:
CAN-2004-0171
|
Low |
SB04-280
SB04-077
|
FreeBSD
FreeBSD |
|
Low |
CyberNotes-2004-03 |
FreeBSD
FreeBSD 5.1 –Release, 5.1, 5.2 –Release, 5.2 |
FreeBSD Unauthorized Jailed Process Attaching
CVE Name:
CAN-2004-0126
|
Medium |
SB04-077 |
FreeBSD
FreeBSD 5.1-Release, 5.2-Release |
FreeBSD mksnap_ffs File System Option Reset
CVE Name:
CAN-2004-0099
|
Medium |
CyberNotes-2004-03 |
FreeBSD
FreeBSD 5.2 -Release |
FreeBSD IPv6 Socket Options Information Disclosure |
Medium |
SB04-105 |
FreeBSD
FreeBSD 5.x |
|
Medium |
SB04-280 |
| FreeIPS
FreeIPS 1.0
|
FreeIPS Protected Service Remote Denial of Service
|
Low |
SB04-175 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3. 1.0 |
|
Low |
SB04-322
SB04-308
SB04-287
SB04-273 |
F-Secure
Anti-Virus For Linux 4.52 |
Anti-Virus For Linux Unspecified Scanner Bypass |
Medium |
SB04-077 |
F-Secure
SSH Server 3.0.0- 3.0.9,
3.1 .0
|
F-Secure SSH Server Policy Evasion
|
Medium |
SB04-077 |
fte.sourceforge.net
fte text editor 0.49.13 |
FTE Multiple Local Unspecified Buffer Overflow
CVE Name:
CAN-2003-0648
|
Low/High
(High if arbitrary code can be executed)
|
SB04-105 |
Fujitsu
Fujitsu ServerView 3.0 |
Fujitsu ServerView MIB Modification |
Medium |
SB04-252 |
Gaim
Gentoo |
Gaim Buffer Overflows in Processing MSN Protocol
CVE Name:
CAN-2004-0500 |
High |
SB04-315
SB04-301
SB04-245
SB04-231 |
Galeon
Galeon Browser 1.3.18 |
Galeon Browser Tabbed Browsing Spoofing |
Medium |
SB04-308 |
Gastón Kleiman
Yanf 0.4 |
Gastón Kleiman Yanf get() Buffer Overflow |
High |
SB04-357
|
gatos
Debian
gatos .5
|
|
Medium |
SB04-161 |
GD Graphics Library
gdlib 2.0.23, 2.0.26-2.0.28 |
|
High |
SB04-357
SB04-343
SB04-336
SB04-329
SB04-322
SB04-315
SB04-308 |
Geeklog.net
Geeklog 1.39 |
Geeklog Default Installation Lets Remote Users Access the Installation Script |
Low |
SB04-231 |
Gentoo Linux 1.x
net-ww/moinmoin-1.2.2 |
MoinMoin: Group ACL bypass |
High |
SB04-203 |
Gentoo Linux 1.x
rsync
|
|
Low |
SB04-203 |
Gentoo Linux 1.x
versions prior to "www-servers/tomcat-5.0.27-r3" |
Gentoo Tomcat Privilege Escalation Vulnerability |
Medium |
SB04-231 |
Gentoo, Linux Kernel 2.6.x
Conectiva, Linux 8 and 9 |
Multiple Vulnerabilities in the Linux Kernel |
High |
SB04-203 |
Gentoo
Gentoo Linux |
Gentoo GIMPS EBuild Insecure Default Permissions |
Medium |
SB04-329 |
Gentoo
Gentoo Linux |
Gentoo ChessBrain EBuild Insecure Default Permissions |
Medium |
SB04-329 |
Gentoo
Gentoo Linux |
Gentoo SETI@home EBuild Insecure Default Permissions |
Medium |
SB04-329 |
Gentoo
Linux 0.2.0_pre10 & prior versions |
Gentoo Gentoolkit 'qpkg' Elevated Privileges |
Medium/High
(High if root access can be obtained) |
SB04-315 |
Gentoo
Linux 1.4_rc1- rc3, 1.4 |
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation |
Medium |
SB04-105 |
Gentoo
Linux 2.0.51-r2 & prior versions |
Gentoo Portage 'dispatch-conf' Elevated Privileges |
Medium/High
(High if root access can be obtained)
|
SB04-315 |
Gentoo
mirrorselect-0.88 and prior |
Gentoo mirrorselect Insecure Temporary File Creation |
Medium |
SB04-343 |
Gentoo
PDFlib |
Gentoo PDFlib Buffer Overflow
|
High |
SB04-343 |
Gentoo
perl |
Gentoo Perl Privilege Escalation |
Medium |
SB04-343 |
Gerd Knorr
Debian
Mandrake
xpcd 2.0 8;
Debian Linux 3.0, alpha, arm, hppa, ia-32, ia-64, m68k, mips, mipsel, ppc, s/390, sparc;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64 |
|
Medium |
SB04-161 |
| Gergely Nagy
Thy HTTP Daemon 0.9 .0-0.9.2
|
Thy HTTP Daemon Remote Denial of Service |
Low |
SB04-175 |
Gerhard Rieger
socat 1.0 .x, 1.1 .x, 1.2 .x, 1.3 .x, 1.4 .0.2, 1.4 .0.1, 1.4 .0.0 |
Gerhard Rieger Socat Remote Format String |
High |
SB04-301 |
gift-fasttrack.berlios.de
Gentoo
giFT-FastTrack 0.8.0-0.8.6
|
giFT-FastTrack HTTP Header Parser Remote Denial of Service
|
Low |
SB04-189 |
Global Moxie
Big Medium 1.0 |
Global Moxie Big Medium Remote Script Code Execution |
High |
SB04-343 |
gnofract4d.sourceforge.net
Gnofract 4D prior to 2.2 |
Gnofract 4 Remote Arbitrary Code Execution |
High |
SB04-294 |
Gnome Development Team
Eazel Nautilus 1.0.4, 2.2, 2.2.1 |
Eazel Nautilus Trash Folder Handler Buffer Overflow |
Low |
SB04-119 |
Gnome Development Team
Epiphany Browser 1.4.4 |
Epiphany Browser Tabbed Browsing Spoofing |
Medium |
SB04-308 |
Gnome Multi Terminal
Gnome Multi Terminal 1.6.2-r1 |
Multi Gnome Terminal Information Leak
|
Medium |
SB04-259 |
GNOME
Gnome 2.0-2.4 |
Gnome ‘LD_LIBRARY_PATH’ Elevated Privileges
|
Medium |
SB04-091 |
GNU
Conectiva
Gentoo
Mandrake
Mailman 1.0, 1.1, 2.0 beta 3-beta 5, 2.0-2.0.13, 2.1, 2.1b1, 2.1.1-2.1.4
|
|
Medium |
SB04-175
SB04-161 |
GNU
Conectiva
Mailman 1.0, 1.1, 2.0 beta 3-beta 5, 2.0-2.0.13, 2.1, 2.1b1, 2.1.1
|
|
High |
SB04-161 |
GNU
Gentoo
Aspell 0.50.5;
Gentoo Linux 1.4
|
|
High |
SB04-175 |
GNU
Gentoo
gzip 1.3.3
|
GNU ‘gzexe’ Insecure Temporary File Creation
CVE Name:
CAN-2004-0603
|
High |
SB04-189 |
GNU / GPL
Conectiva
Gentoo
Mandrake
RedHat
SuSE
Trustix
Samba 3.0.0 - 3.0.4 and 2.2.9 and prior
|
Samba Buffer Overflow Vulnerabilities
CVE Names:
CAN-2004-0600
CAN-2004-0686 |
High |
SB04-308
SB04-217 |
GNU
a2ps 4.13 |
GNU a2ps Command Injection |
High |
SB04-336
SB04-273
SB04-245
SB04-266 |
GNU
a2ps 4.13b |
GNU a2ps Two Scripts Insecure Temporary File Creation |
Medium |
SB04-364 |
GNU
CVS 1.10.7, 1.10.8, 1.11- 1.11.6 |
CVS Malformed Request
CVE Name:
CAN-2003-0977 |
Medium |
CyberNotes-2004-03
CyberNotes-2004-02
CyberNotes-2004-01
|
GNU
CVS PServer 1.11.11 & prior |
CVS PServer ‘CVSROOT/passwd’ Arbitrary Code Execution |
High |
CyberNotes-2004-01 |
GNU
gettext 0.14.1 |
GNU GetText Insecure Temporary File Creation
CVE Name:
CAN-2004-0966
|
Medium |
SB04-308
SB04-287
SB04-280 |
GNU
glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9 & greater, 2.2-2.2.5, 2.3-2.3.4, 2.3.10 |
GNU GLibC Insecure Temporary File Creation
CVE Name:
CAN-2004-0968
|
Medium |
SB04-322
SB04-308 |
GNU
glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9 & greater, 2.2-2.2.5, 2.3-2.3.4, 2.3.10 |
GNU GLibC Insecure Temporary File Creation
CVE Name:
CAN-2004-0968
|
Medium |
SB04-308
SB04-301
SB04-280 |
GNU
GNU Privacy Guard 1.0.2, 1.0.3, 1.0.3 b, 1.0.4- 1.0.7, 1.2-1.2.3 |
GnuPG ElGamal Signing Key Private Key Compromise
CVE Name:
CAN-2003-0971 |
Medium |
CyberNotes-2004-01 |
GNU
gnubiff 1.0.1-1.0.10, 1.2, 1.4 |
gnubiff Multiple Remote POP3 Protocol Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-259 |
GNU
groff 1.19 |
GNU Troff (Groff) Insecure Temporary File Creation
CVE Name:
CAN-2004-0969
|
Medium |
SB04-315
SB04-308
SB04-280 |
GNU
gzip 1.2.4 a |
GNU GZip Insecure Temporary File Creation |
Medium |
SB04-280 |
GNU
Indent |
Indent Local Heap Overflow |
High |
CyberNotes-2004-01 |
GNU
jwhois 3.2.2 |
JWhois Double Free Memory Corruption |
High |
SB04-322 |
| GNU
Radius 1.1
|
GNU Radius SNMP OID Remote Denial of Service
CVE Name:
CAN-2004-0576
|
Low |
SB04-189 |
GNU
screen 3.9.4, 3.9.8- 3.9.11 |
GNU Screen Integer Overflow
CVE Name:
CAN-2003-0972 |
High |
CyberNotes-2004-02
CyberNotes-2004-01 |
GNU
sharutils 4.2, 4.2.1 |
GNU Sharutils Multiple Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-280 |
| GNU
wget 1.5.3-1.9.1 |
Wget May Overwrite Files in Certain Cases and Allow a Local User to Gain Elevated Privileges |
High |
SB04-147 |
| GNU
Libtasn1 0.1-0.2.6
|
|
Not Specified |
SB04-147 |
| GNU
GNATS 3.0 02, 3.2, 3.14 b, 3.113 .1_6, 3.113, 3.113.1, 4.0 |
GNU GNATS Format String |
High |
SB04-322
SB04-189 |
GNU
Gentoo
Aspell 0.50.5; Gentoo Linux 1.4 |
GNU Aspell Stack Buffer Overflow
CVE Name:
CAN-2004-0548 |
High |
SB04-357
SB04-266 |
GNU
Shorewall 1.4.x, 2.0.x |
Shorewall Insecure Temporary File Creation Vulnerability
CVE Name:
CAN-2004-0647 |
Medium |
SB04-231
SB04-203 |
GNU
a2ps 4.13 |
GNU a2ps Filenames Shell Commands Execution |
High |
SB04-357
SB04-350 |
GNU
Anubis 3.6.2, 3.9.93 |
Anubis Multiple Vulnerabilities |
High |
SB04-077 |
GNU
Automake 1.7-1.7.9, 1.8.1, 1.8.2 |
GNU Automake Insecure Temporary Directory Creation |
Medium |
SB04-077 |
GNU
ChBg 1.5 |
GNU ChBg simplify_path() Buffer Overflow |
High |
SB04-357
|
GNU
Convex 3D 0.8pre1 |
GNU Convex 3D readObjectChunk() Buffer Overflow |
High |
SB04-357 |
GNU
Coreutils 4.5.1- 4.5.12, 5.0, 5.0.1, 5.0.90, 5.0.91, 5.1-5.1.3, fileutils 4.0, 4.0.33, 4.0.36, 4.1, 4.1.1, 4.1.5- 4.1.7, 4.1.9, 4.1.11 |
Coreutils ‘DIR’ Command
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
GNU
CUPS 1.1.22 |
GNU CUPS HPGL ParseCommand() Buffer Overflow |
High |
SB04-357 |
GNU
CUPS 1.x |
GNU CUPS xpdf "doImage()" Buffer Overflow Vulnerability |
High |
SB04-364 |
GNU
CUPS lppasswd 1.1.22 |
GNU CUPS lppasswd Denial of Service |
Low |
SB04-357 |
GNU
DXFscope 0.2 |
GNU DXFscope dxfin() Buffer Overflow |
High |
SB04-357 |
GNU
InetUtils 1.4.2 |
GNU InetUtils TFTP Client Remote Buffer Overflow
|
High |
SB04-336
SB04-308 |
GNU
jcabc2ps 20040902 |
GNU jcabc2ps switch_voice() Buffer Overflow |
High |
SB04-357 |
GNU
jpegtoavi 1.5 |
GNU jpegtoavi get_file_list_stdin() Buffer Overflow |
High |
SB04-357 |
GNU
LibTool 1.5.x |
LibTool Insecure Temporary Directory Creation
|
High |
CyberNotes-2004-03 |
GNU
Mailman 1.0, 1.1, 2.0 beta3 - beta5, 2.0- 2.0.13, 2.1, 2.3 |
|
Low |
SB04-119
SB04-077
SB04-058 |
GNU
MPlayer 1.0pre5 |
GNU MPlayer ASF Streams Processing Buffer Overflow |
High |
SB04-364
SB04-357 |
GNU
mysql_auth prior to 0.8 |
GNU mysql_auth Memory Leak |
Not Specified |
SB04-350 |
GNU
NapShare 1.2 |
GNU NapShare auto_filter_extern() Buffer Overflow |
High |
SB04-357 |
GNU
pgn2web 0.3 |
GNU pgn2web process_moves() Buffer Overflow |
High |
SB04-357 |
GNU
PHP-Blogger |
GNU PHP-Blogger Discloses User E-mail Addresses and Passwords |
High |
SB04-364 |
GNU
Radius 0.92.1, 0.93-0.96, 1.1, 1.2 |
GNU Radius SNMP String Remote Denial of Service
CVE Name:
CAN-2004-0849
|
Low |
SB04-266 |
GNU
Radius 1.1 |
GNU Radius Remote Denial Of Service |
Low |
CyberNotes-2004-03 |
GNU
rtf2latex2e 1.0fc2 |
GNU rtf2latex2e ReadFontTbl() Buffer Overflow |
High |
SB04-357
|
GNU
sharutils 4.2.1 |
GNU Sharutils shar Command Line Parsing Buffer Overflow |
High |
SB04-105 |
GNU
Squid-2.5 |
GNU Squid Malformed Host Name |
Medium |
SB04-350 |
GNU
unrtf 0.19.3 |
GNU unrtf process_font_table() Buffer Overflow |
High |
SB04-357 |
GNU
Vim 6.x, GVim 6.x |
GNU Vim / Gvim Modelines Command Execution Vulnerabilities
CVE Name:
CAN-2004-1138
|
Medium |
SB04-357 |
GNU
wget 1.9.1 |
GNU wget File Creation & Overwrite |
Medium |
SB04-350 |
GNU
xine prior to 0.99.3 |
|
High |
SB04-364 |
GNU
xine-lib 1.x |
GNU xine-lib Unspecified PNM and Real RTSP Clients Vulnerabilities |
Not Specified |
SB04-357 |
GNU
Xpdf prior to 3.00pl2 |
GNU Xpdf Buffer Overflow in doImage()
CVE Name:
CAN-2004-1125 |
High |
SB04-364
|
GNU
YACY 0.31 |
GNU YACY Input Validation Hole |
High |
SB04-364 |
GNU
Yet Another MP3 Tool (YAMT) 0.5 |
GNU Yet Another MP3 Tool (YAMT) id3tag_sort() Input Validation Hole |
High |
SB04-357 |
GPL
Xine 1-rc5, 1-rc7 |
GPL Xine open_aiff_file() Buffer Overflow |
High |
SB04-357 |
Greg Wettstein
Sysklogd 1.1-1.4.1 |
Sysklogd Crunch_List Remote Denial of Service
|
Low |
SB04-133 |
Guido Gonzato
abcpp 1.3.0 |
Guido Gonzato abcpp handle_directive() Buffer Overflow |
High |
SB04-357 |
gv Postscript and PDF viewer 3.5.8 and prior
Gentoo |
gv Local Buffer Overflow |
High |
SB04-231 |
H+BEDV Datentechnik
AntiVir 2.0.9-9 |
AntiVir Insecure Temporary File Creation
CVE Name:
CAN-2004-0058 |
Medium |
CyberNotes-2004-02 |
h6p.org
BES-CMS 0.4 rc3, 0.5 rc3 |
BES-CMS Multiple Module File Include |
High |
CyberNotes-2004-01 |
Haserl
Haserl 0.4-0.4.2, 0.5, 0.5.1 |
Haserl Environment Variable Manipulation |
Medium |
SB04-315 |
Heiko Stamer
OpenSkat 1.1-1.9 |
Heiko Stamer openSkat Game Unspecified Security Issues |
Not Specified |
SB04-301 |
Heiko Stamer
OpenSkat 1.1-1.9, 2.0 |
Heiko Stamer OpenSkat Weak Encryption Key Generation |
Medium |
SB04-322 |
Helmut Cantzler
Mesh Viewer 0.2.2 |
Helmut Cantzler Mesh Viewer dxfin() Buffer Overflow |
High |
SB04-357 |
| Hewlett Packard Company
HP-UX 11.x
|
HP-UX Local X Font Server Buffer Overflow |
High |
SB04-175 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11, B.11.22 |
HP SharedX Unspecified Local Insecure File Access |
Low/ Medium
(Medium if unauthorized access can be obtained) |
CyberNotes-2004-02 |
| Hewlett Packard Company
HP-UX B.11.11
|
HP-UX ObAM WebAdmin Unauthorized Access
|
Medium |
SB04-189 |
| Hewlett Packard Company
HP-UX B.11.11, B.11.04, B.11.00
|
HP-UX ARPA Transport Denial of Service
|
Low |
SB04-189 |
| Hewlett Packard Company
HP-UX B.11.23, B.11.22, B.11.11, B.11.00
|
HP-UX Netscape Browser Multiple Vulnerabilities |
Medium/ Low
(Medium if sensitive information can be obtained or unauthorized access can be obtained; and Low if a DoS)
|
SB04-189 |
Hewlett Packard Company
Tru64 UNIX 5.1B PK2 (BL22), PK3 (BL24), V5.1A running IPsec & SSH software kits prior to IPsec 2.1.1 & SSH
3.2.2 h |
Tru64 UNIX Unspecified Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-02 |
Hewlett Packard Company
Cluster Object Manager B.03.00.01, B.03.00.00, B.02.02.02, B.02.02.00, B.02.01.02, B.01.04, A.01.03, Serviceguard A.11.16.00, A.11.15.00, A.11.14, A.11.13, Serviceguard for Linux A.11.15.04, A.11.14.04 |
HP ServiceGuard & Cluster Object Manager Remote Root Access |
High |
SB04-301 |
Hewlett Packard Company
Compaq Tru64 5.1 b, 5.1 b PK2 (BL22), 5.1 a PK6 (BL24) |
Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalation |
Medium |
SB04-077 |
Hewlett Packard Company
HP-UX B.11.23, B.11.22, B.11.11, B.11.00 |
|
High |
SB04-301 |
Hewlett Packard Company
Open View Operations for HP-UX 7.0, Solaris 7.0, Vantage Point for HP-UX 6.0, Solaris 6.0 |
OpenView Operations/ VantagePoint Remote Authentication Bypass |
Medium |
SB04-105 |
Hewlett Packard Company
OpenView Operations for HP-UX 6.0, 7.0, 8.0, OpenView Operations for Solaris 6.0, 7.0, 8.0 |
HP OpenView Operations Remote Privilege Escalation
|
Medium |
SB04-315 |
Hewlett Packard Company
Tru64 4.0 G PK4, 4.0 F PK8, 5.1 B-2 PK4 (BL25),
4 5.1 B-1 PK3 (BL24), 5.1 A PK6 |
HP Tru64 X Window System Elevated Privileges
|
Medium |
SB04-301 |
Hewlett Packard
HP-UX 11.x |
Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability |
High |
SB04-364 |
Hewlett-Packard
HP-UX B.11.23
HP-UX B.11.22
HP-UX B.11.11
HP-UX B.11.00 |
HP-UX Unspecified Flaw in Xfs and stmkfont May Grant Access to Remote Users |
Medium |
SB04-217 |
Hewlett-Packard
HP Internet Express 6.x |
Hewlett-Packard HP Secure Web Server Denial of Service Vulnerability |
Low |
SB04-364 |
Hewlett-Packard
HP Tru64 UNIX 4.x, 5.x |
Hewlett-Packard HP Tru64 TCP Connection Reset Denial of Service |
Low |
SB04-364 |
Hewlett-Packard
HP-UX 11.x |
Hewlett-Packard HP-UX SAM Privilege Escalation Vulnerability |
Medium |
SB04-364 |
Hewlett-Packard
HP-UX 11.x |
HP-UX newgrp Privilege Escalation |
Medium |
SB04-357 |
Hewlett-Packard
HP-UX Process Resource Manager C.02.01[.01] and prior
HP-UX Workload Manager |
HP-UX Process Resource Manager Bug Lets Local Users Corrupt Files |
Medium |
SB04-231 |
Hewlett-Packard
HP-UX release B.11.04 with VirtualVault A.04.50 - A.04.70 or Webproxy A.02.00 - A.02.10 |
HP VirtualVault / Webproxy Multiple Vulnerabilities in Apache |
High |
SB04-231 |
Hitachi
Job Management Partner-1 6 & 7 |
Hitachi Job Management Partner 1 Authentication Flaw & Remote Denial of Service |
Low/Medium
(Medium if unauthorized access can be obtained)
|
SB04-245 |
Honeyd
Honeyd prior to 0.8 |
Honeyd Remote Virtual Host Detection |
Medium |
CyberNotes-2004-02 |
Horde Project
Caldera
Conectiva
Debian
Gentoo
IMP 2.0, 2.2-2.2.8, 2.3, 3.0
Horde IMP 3.1
Horde IMP 3.1.2
Horde IMP 3.2-3.2.3
|
Horde IMP Cross-Site Scripting |
High |
SB04-175 |
Horde Project
Gentoo
Horde Chora 1.2.1;
Gentoo Linux 1.4
|
Chora Input Validation |
High |
SB04-175 |
html2hdml 1.0.3 |
html2hdml remove_quote() Buffer Overflow |
High |
SB04-357 |
IBM
AIX 4.3.3, 5.1, 5.2 |
AIX ‘diag’ Root Privileges |
High |
CyberNotes-2004-01 |
IBM
AIX 4.3.3, 5.1, 5.2 |
AIX ‘enq’ Format String
CVE Name:
CAN-2003-1018 |
High |
CyberNotes-2004-01 |
IBM
AIX 5.1, 5.2, 5.3 |
IBM AIX Unspecified System Startup Scripts |
Low |
SB04-343 |
IBM
AIX 5.x |
IBM AIX Multiple Privilege Escalation Vulnerabilities |
High |
SB04-357 |
IBM
DB2 Universal Database for AIX 7.0-7.2 |
DB2 Insecure DMS Directory Permissions |
Medium |
|
| IBM
Informix I-Spy 2.0
|
IBM Informix I-Spy 'runbin' Root Privileges |
|
SB04-189 |
IBM Lotus
Lotus Domino 6.0.2 |
Lotus Domino Configuration File Modification
CVE Name:
CAN-2004-0029 |
Medium |
CyberNotes-2004-01 |
IBM
AIX 4.3.3 |
AIX ‘Getlvcb’ Utility Buffer Overflow
|
High |
SB04-091 |
IBM
AIX 4.3.3 |
AIX ‘Putlvcb’ Utility Buffer Overflow
|
High |
SB04-091 |
IBM
AIX 4.3.3 |
GNU Make For IBM AIX CC Path Local Buffer Overflow |
High |
SB04-091 |
IBM
AIX 4.3.3 |
AIX ‘Rexecd’ ROOT Privileges
|
High |
SB04-077 |
IBM
AIX 4.3.3, 5.1 L, 5.1 |
AIX ‘invscoutd’ Insecure Logfile Handling
|
Medium |
SB04-091 |
IBM
AIX 5.1, 5.2 |
AIX Console Command Temporary Files |
Low/ Medium
(Medium if data can be destroyed or elevated privileges obtained)
|
SB04-133 |
IBM
AIX 5.1, 5.2 |
Multiple IBM AIX LVM Utilities Symbolic Link & Buffer Overflows |
Low/ Medium/ High
(Low if a DoS; Medium if data can be corrupted; High if arbitrary code can be executed)
|
SB04-133 |
IBM
AIX 5L Version 5.2 on pSeries, 5.3 on pSeries, 5.2, 5.3 on an i5/OS (iSeries) partition, Tivoli System Automation (TSA) for Linux 1.1, Multiplatforms 1.2, Cluster Systems Management (CSM) for Linux Version 1.4, (version 1.4 and greater), Hardware Management Console (HMC) for pSeries Version 3, General Parallel File System (GPFS) Version 2 Release 2 on Linux for xSeries and Linux for pSeries |
IBM Reliable Scalable Cluster Technology (RSCT) File Corruption
CVE Name:
CAN-2004-0828
|
Medium |
SB04-280 |
IBM
AIX 5L Version 5.2 on pSeries, 5.3 on pSeries, 5.2, 5.3 on an i5/OS (iSeries) partition, Tivoli System Automation (TSA) for Linux 1.1, Multiplatforms 1.2, Cluster Systems Management (CSM) for Linux Version 1.4, (version 1.4 and greater), Hardware Management Console (HMC) for pSeries Version 3, General Parallel File System (GPFS) Version 2 Release 2 on Linux for xSeries and Linux for pSeries |
IBM Reliable Scalable Cluster Technology (RSCT) File Corruption
CVE Name:
CAN-2004-0828
|
Medium |
SB04-273 |
IBM
Informix Dynamic Server 9.40.UC2 & prior, Informix Extended Parallel Server versions prior to 8.40.UD1 |
Informix Multiple Vulnerabilities |
High |
CyberNotes-2004-03 |
iCab Company
iCab 2.9.8 |
iCab Web Browser Cross-Domain Dialog Box Spoofing |
Medium |
SB04-308 |
id Software, Inc.
mvdsv 0.165 b, 0.171 |
MVDSV Quake Server Remote Buffer Overflow |
High |
CyberNotes-2004-01 |
IglooFTP
IglooFTP 0.6.1 |
IglooFTP download_selection_recursive() Input Validation Hole |
High |
SB04-357 |
ImageMagick
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8,
5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8 |
|
High |
SB04-350
SB04-343
SB04-336
SB04-329
SB04-315
SB04-308 |
imwheel.sourceforge.net
IMWheel 1.0 pre11 |
IMWheel Insecure File Creation |
Low/Medium
(Medium if elevated privileges can be obtained)
|
SB04-245 |
INCOGEN, Inc.
BugPort 1.0 90-1.0 99, 1.101, 1.108, 1.109, 1.117, 1.119, 1.125, 1.129, 1.133
|
BugPort File Attachment |
High
(High if arbitrary code can be executed)
|
SB04-287 |
InfoTecna s.r.l.
sredird 1.0, 1.1.6-1.1.8, 2.0, 2.1, 2.2, 2.2.1;
Peter Åstrand SERCD 2.3 .0
|
SERCD, SREDIRD Format String & Buffer Overflow |
High |
SB04-245 |
Info-ZIP
Zip 2.3 |
Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow
CVE Name:
CAN-2004-1010
|
High |
SB04-357
SB04-350
SB04-336
SB04-322
SB04-315 |
Inlook
Inlook 0.7.3 & prior |
Inlook ‘/.inlook/.crypt’ Insecure Permissions |
Medium |
CyberNotes-2004-03 |
INL
Ulog-php 0.8, 0.8.1 |
Ulog-php Input Validation |
|
SB04-245 |
Insight Distribution Systems
Conectiva
Debian
Gentoo
PostgreSQL 7.2.1
|
Mkdir Buffer Overflow
|
High /Low
(High if arbitrary code can be executed)
|
SB04-175 |
Inter7
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5, 4.6, 4.7, 4.8, 4.9, 4.9.10, 4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.2 |
Inter7 Vpopmail Vsybase.c Multiple Vulnerabilities |
Low/ Medium/High
Low if a DoS; Medium if unauthorized access can be obtained; and High if arbitrary code can be executed.
|
SB04-252
SB04-245 |
Inter7
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5-4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.5 |
Vpopmail SQL Injection |
Medium |
SB04-252
SB04-245 |
Interchange
Interchange 4.8.1- 4.8.9, 5.0 |
Interchange Remote Information Disclosure
CVE Name:
CAN-2004-0374
|
Medium |
SB04-105 |
Internet Software Sciences
Web+Center 4.0.1 |
Web+Center SQL Injection Vulnerability |
|
SB04-217 |
ipcop.org
IPCop 1.4.1, possibly older versions |
IPCop 'proxylog.dat' Cross-Site Scripting |
High |
SB04-336 |
IRCD-Hybrid
ircd-ratbox
ircd-hybrid 7.0.1, ircd-ratbox 1.5.1, 2.0 rc6
|
Multiple ircd Socket Dequeuing Remote Denial of Service
|
Low |
SB04-175 |
ISC
INN 2.4.0 |
INN 'art.c' Remote Buffer Overflow |
High |
CyberNotes-2004-02 |
ISC
DHCPD 2.0.pl5 |
|
High |
SB04-315 |
J Whitham
HTGET 0.93 |
|
High |
SB04-357 |
J. Schilling
CDRTools 2.0, 2.0.1 a18, 2.0.3. |
CDRTools Unspecified Privilege Escalation
CVE Name:
CAN-2004-0806
|
High |
SB04-252
SB04-266 |
J.Schilling
Star Tape Archiver 1.5a09-1.5a45 |
|
High |
SB04-266
SB04-259 |
Jabber Server
jabberd 1.x |
Jabber Server Remote Denial of Service
CVE Name:
CAN-2004-0013 |
Low |
CyberNotes-2004-01 |
Jabber Software Foundation
Jabber Server 2.0 |
Jabber Server Multiple Remote Buffer Overflows
CVE Name:
CAN-2004-0953
|
High |
SB04-336 |
Jabber Studio
Jabber Gadu-Gadu Transport 2.0-2.0.7 |
Jabber Gadu-Gadu Transport Multiple Remote Denials of Service
|
Low |
SB04-077 |
Jabberd project
jabberd 1.4-1.4.3, jadc2s 0.6-0.9
|
jabberd XML Parsing Remote Denial of Service |
Low |
SB04-273 |
James Henstridge
Debian
www-sql 0.5.7 |
|
|
SB04-189 |
Jamie Cameron
Caldera
Gentoo
HP
Mandrake
RedHat
SCO
Webmin 0.1-0.7, 0.8.3-0.8.5, 0.21, 0.22, 0.31, 0.41, 0.42, 0.51, 0.76-0.80, 0.85, 0.88, 0.89, 0.91-0.99, 1.0 90, 1.0 80, 1.0 70, 1.0 60, 1.0 50, 1.0 20, 1.0 00, 1.110, 1.121, 1.130, 1.140
|
Webmin Multiple Remote Vulnerabilities
|
Medium/ Low
(Medium if sensitive information can be obtained)
|
SB04-175 |
Jamie Cameron
Gentoo
Usermin 1.0 70
|
Usermin Cross-Site Scripting
|
High |
SB04-175 |
| Jamie Cameron
Webmin 1.140 |
Webmin Configuration Module Information Disclosure |
Medium |
SB04-175 |
Jamie Cameron
Mandrakesoft
Webmin 1.140
Usermin |
Webmin & Usermin Account Lockout Bypass
CVE Name:
CAN-2004-0582
CAN-2004-0583 |
Medium |
SB04-217
SB04-175
|
Jamie Cameron
Usermin 1.0 80, 1.0 70, 1.0 60, 1.0 51, 1.0 40, 1.0 30, 1.0 20, 1.0 10, 1.0 00, Webmin 1.0 90,
1.0 80, 1.0 70, 1.0 60, 1.0 50, 1.0 20, 1.0 00, 1.100, 1.110, 1.121, 1.130, 1.140, 1.150 |
|
Medium |
SB04-273
SB04-266
SB04-259 |
Jamie Cameron
Usermin 1.070, 1.080 |
Usermin Web Mail |
|
SB04-252 |
Jaws
JAWS 0.3 |
Multiple Vulnerabilities in JAWS |
Medium |
SB04-203 |
Jean-François Moine
abcm2ps 3.7.20 |
Jean-François Moine abcm2ps put_words() Buffer Overflow |
High |
SB04-357 |
Jeff Dike
uml_utilities 20030903 |
Jeff Dike uml_utilities umt_net slip_down() Denial of Service |
Low |
SB04-357 |
Jem Berkes
renattach 1.2, 1.2.1 |
Renattach '--pipe' Input Validation
|
High |
SB04-287 |
Jetty
Jetty 4.1 .0RC4, 4.1 .0, 4.1.1, 4.2.4- 4.2.7, 4.2.9, 4.2.11, 4.2.12, 4.2.14- 4.2.18 |
Jetty Unspecified Denial of Service |
Low |
SB04-091 |
JMB Software, Inc.
AutoRank PHP 2.0.4 |
Autorank PHP Multiple Remote SQL Vulnerabilities |
High |
CyberNotes-2004-01 |
Joachim Wieland
Debian
jftpgw 0.13-0.13.3
|
|
High |
SB04-161 |
Joe Spanicek
ShopCartCGI 2.3 |
ShopCartCGI Directory Traversal |
Medium |
SB04-058 |
Joel Palmius
Mod_Survey 3.0 .0- 3.0.16 pre1,
3.2 .0-pre1-pre3
|
Mod_Survey Survey Input Field HTML Injection |
High |
SB04-091 |
John Bradley
XV 3.10 a |
XV Multiple Buffer Overflow and Integer Handling |
|
SB04-252
SB04-245 |
John M Grohol
Open Journal 2.0-2.0 5 |
OpenJournal Authentication Bypassing |
Medium |
SB04-058 |
John Sterling
mod_cplusplus 1.1 .0, 1.2, 1.3, 1.3.1, 1.4 .0 |
Mod_cplusplus Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-259 |
Jon Middelton
Psionic Logcheck 1.1.1 |
|
High |
SB04-119 |
Justin C. Kibell
xboing 2.4 |
|
|
SB04-077 |
Justin Simoni
Dada Mail 2.6.4, 2.7, 2.7.1, 2.8, 2.8.2, 2.8.9, 2.8.10 |
Dada Mail Blank List Password & Arbitrary Subscription |
Medium |
CyberNotes-2004-01 |
Kaffeine
Media Player 0.4.2, 0.4.3 b, 0.4.3, 0.5 rc1 |
Kaffeine Media Player Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-322
SB04-308 |
| KAME Project
IPsec-Tools 0.3, rc1-rc5, 0.3.1, 0.3.2;
KAME Racoon, 20040503, 20040407b, 20040405, 20030711
|
KAME Racoon X.509 Certificate Validation |
Medium |
SB04-175 |
KAME Project
Racoon |
Racoon Arbitrary Security Association Deletion |
Low |
CyberNotes-2004-02 |
KAME Project
Racoon 20040405, 20030711, Racoon |
Racoon Remote IKE Message Denial of Service
CVE Name:
CAN-2004-0392
|
Low |
SB04-133 |
KAME Project
Racoon; Apple Mac OS X 10.2.8, 10.3.3, Mac OS X Server 10.2.8, 10.3.3 |
Racoon Malformed ISAKMP Packet Denial of Service
|
Low |
SB04-133
SB04-119 |
KDE
Conectiva
Fedora
Gentoo
RedHat
SGI
Slackware
SuSE
All versions of KDE up to KDE 3.2.2 inclusive
|
|
High |
SB04-161
SB04-147 |
| KDE 3.2.3 and prior |
KDE Insecure Temporary File Creation Vulnerability
CVE Name:
CAN-2004-0690 |
Medium |
SB04-245
SB04-231 |
| KDE 3.2.3 and prior |
Konqueror Frame Injection Vulnerability
CVE Name:
CAN-2004-0721 |
Low |
SB04-287
SB04-259
SB04-245
SB04-231 |
KDE
KDE 3.1.0 - 3.1.4 |
KDE ‘kdepim’ Remote Buffer Overflow
CVE Name:
CAN-2003-0988 |
High |
CyberNotes-2004-02 |
KDE
Konqueror 3.1.4, 3.2.1, 3.2.2 -6 |
KDE Konqueror IFRAME Cross-Domain Scripting |
Medium |
SB04-308 |
KDE.org
Konqueror 3.2.2 -6 |
Konqueror Browser Cross-Domain Dialog Box Spoofing |
Medium |
SB04-301 |
KDE
KDE Konqueror 3.3.1 and prior |
KDE Konqueror Input Validation |
High |
SB04-343
|
KDE
KDE prior to 3.3.2 |
|
Medium |
SB04-357
SB04-350 |
KDE
Konqueror 3.2.1 |
Konqueror Bitmap File Processing Denial of Service |
Low |
SB04-119 |
KDE
Konqueror 3.2.2-6
|
|
Medium |
SB04-357
SB04-350 |
KDE
Konqueror prior to 3.32 |
KDE Konqueror Java Sandbox Vulnerabilities |
High |
SB04-364
SB04-357 |
Kolab
OpenPKG
Mandrake
Kolab Groupware Server 1.0, 1.0.1, 1.0.3, 1.0.5, 1.0.6, 1.0.7, 1.0.8
OpenPKG OpenPKG 2.0
|
Groupware Server OpenLDAP Plaintext Password Storage |
Medium |
SB04-161
SB04-133 |
l2tpd.org
Debian
l2tpd 0.62-0.69
|
L2TPD Buffer Overflow
|
High/Low
(High if arbitrary code can be executed)
|
SB04-161 |
Larry Wall
Perl 5.8.3 |
|
Medium |
SB04-350
SB04-315
SB04-280 |
LaTeX2rtf
LaTeX2rtf 1.9.15 |
LaTeX2rtf Remote Buffer Overflow
|
High |
SB04-273 |
LBL
tcpdump 3.4, 3.5, 3.5.2, 3.6.2, 3.6.3, 3.7, |
OpenBSD Tcpdump Remote Denial of Service
CVE Name:
CAN-2003-1029 |
Low |
CyberNotes-2004-03
CyberNotes-2004-02
CyberNotes-2004-01 |
LBL
Debian
Mandrake
OpenPKG
Trustix
SGI
Slackware
tcpdump 3.4 a6, 3.4, 3.5 alpha, 3.5, 3.5.2, 3.6.2 3.6.3, 3.7-3.7.2, 3.8.1
|
|
Low/High
(High if arbitrary code can be executed)
|
SB04-280
SB04-189
SB04-119
SB04-105 |
LCDProc
LCDProc 0.3, 0.4, 0.4.1 -r1, 4.0, 4.1-4.4 |
LCDd Multiple Remote Vulnerabilities |
High |
SB04-133
SB04-119
SB04-105 |
| ldu.neocrome.net
Land Down Under 700-01-03, 602, 601
|
Land Down Under BBCode Cross-Site Scripting
|
High |
SB04-161 |
Legato Systems, Inc.
Legato Networker 6.0 |
Legato NetWorker ‘NSR_Shutdown’ Script |
High |
CyberNotes-2004-02 |
leper
Debian
leper 2.0 1-2.0.4, 2.0
|
|
High |
SB04-189
SB04-175 |
LGPL
NASM 0.98.38 |
LGPL NASM error() Buffer Overflow |
High |
SB04-357 |
libtiff.org
LibTIFF 3.6.1 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-350
SB04-343
SB04-322
SB04-315
SB04-301
SB04-294 |
Lim Unlimited
Crafty 19.3 |
Crafty 'crafty.bin' Buffer Overflow |
High |
SB04-091 |
LinBit Technologies
LINBOX Office server |
LINBOX Officeserver Remote Authentication Bypass & Information Disclosure |
Medium |
SB04-105 |
Linley Henzell
Dungeon Crawl 4.0.0 beta 26 & prior |
|
High |
CyberNotes-2004-03 |
| Linux 2.4.27 |
Linux Kernel sys_chown() Bug May Let Remote NFS Users Modify Group Permissions on Files
CVE Name:
CAN-2004-0497 |
Medium |
SB04-231 |
| Linux Kernel 2.6.7 |
Linux Kernel 'eql.c' Device Driver Error Lets Local Users Crash the System
CVE Name:
CAN-2004-0596 |
Low |
SB04-203 |
Linux kernel
Linux kernel 2.6, test9-CVS, test1- test11, 2.6.1 rc1 & rc2 |
Linux Kernel Samba Share Local Privilege Elevation |
Medium |
SB04-058 |
Linux
Fedora
RedHat
SuSE
Linux kernel 2.4 through 2.4.26, 2.6 through 2.6.7 |
Linux Kernel 64-bit to 32-bit File Offset Conversion Errors Disclose Kernel Memory to Local Users
CVE Name:
CAN-2004-0415 |
High |
SB04-308
SB04-245
SB04-231 |
linux1394.org
Astaro
Caldera
Conectiva
CRUX
Debian
Devil-Linux
Gentoo
Mandrake
RedHat
Slackware
SuSE
Trustix
TurboLinux
WOLK
Linux kernel 2.4.0-test1-test12, 2.4-2.4.27 -pre2, 2.5.0-2.5.69, 2.6, test1-test11, 2.6.1-2.6.7
|
Linux Kernel IEEE 1394 Integer Overflow |
High /Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
linux-vserver.org
Linux-VServer 1.20-1.24 |
VServer Virtual Server chroot() |
Medium |
SB04-058 |
Little Igloo
LinPopUp 1.2.0 |
Little Igloo LinPopUp strexpand() Buffer Overflow |
High |
SB04-357 |
Live Journal
Live Journal 1.0, 1.1 |
LiveJournal Cross-Site Scripting |
High |
SB04-077 |
LOGICNOW
PerlDesk |
PerlDesk 'lang' Parameter Input Validation |
Medium |
SB04-266 |
MacOSXLabs
RsyncX 2.1 |
RsyncX Local Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-266 |
Macromedia
Contribute 2.0, Studio MX 2004
|
Studio MX 2004 /Contribute 2 Local Privilege Escalation |
Medium |
SB04-077 |
Mambo
Mambo Open Source 4.5, 4.6 |
Mambo Open Source ‘mosConfig_absolute_path’ |
High |
|
| Mandrake
Mandrake Linux 9.1, 9.2, 9.2/AMD64, Corporate Server 2.1, 10.0
|
Libuser Memory Error May Cause Denial of Service Conditions |
Low |
SB04-147 |
| Mandrake
MandrakeSoft Corporate Server 2.1 x86_64-2.1, MandrakeSoft Linux Mandrake 8.2 ppc-10.0
MandrakeSoft Multi Network Firewall 8.2
|
Linux passwd May Truncate Passwords Supplied Via stdin |
Low |
SB04-147 |
Mandrakesoft
logcheck |
Mandrakesoft logcheck Temporary File Vulnerability |
High |
SB04-364 |
Marc Lehmann
RXVT-Unicode 3.4, 3.5 |
RXVT-Unicode Open File Descriptor Leakage |
Medium |
SB04-245 |
Martin Pool
distcc prior to 2.16 |
|
Medium |
SB04-280 |
Martin Schoenert
Unzoo 4.4 |
unzoo Input Validation |
Medium |
SB04-294 |
MathoPD
Mathopd Web Server 1.2, 1.3, 1.3 p4-p8, 1.3 p17, 1.3 p18, 1.4, 1.4p1, 1.5 b13 |
MathoPD Remote Buffer Overflow |
High |
SB04-091 |
MediaWiki
MediaWiki 1.3-1.3.4 |
MediaWiki Raw Page Cross-Site Scripting |
High |
SB04-280 |
MediaWiki
MediaWiki 1.3.8 |
MediaWiki 'images' Arbitrary Script Upload and Execution |
High |
SB04-350 |
Michael Bacarella
ident2 .999 c, 1.3-1, 1.3, 1.4 |
IDent2 Daemon Child_Service Remote Buffer Overflow
CVE Name:
CAN-2004-0408
|
High |
SB04-119 |
Michael 'Ghandi' Herold
vbox3 0.1.7 & prior |
VBox3 For ISDN4Linux Root Access
CVE Name:
CAN-2004-0015 |
High |
CyberNotes-2004-01 |
Michael Hipp
mpg123 0.59r |
Michael Hipp mpg123 find_next_file() Buffer Overflow |
High |
SB04-364
SB04-357 |
Michael Jennings
Eterm 0.8.10, 0.9.1
|
ETerm Window Title Reporting Escape Sequence Command Execution
CVE Name:
CAN-2003-0068
|
High |
SB04-133 |
Michael Kohn
Ringtone Tools 2.22 |
Michael Kohn Ringtone Tools parse_emelody() Buffer Overflow |
High |
SB04-357 |
Michael Kohn
Visual Basic to C/GTK (vb2c) 0.02 |
Michael Kohn Visual Basic to C/GTK (vb2c) gettoken() Buffer Overflow |
High |
SB04-357 |
Michael Krax
Debian
log2mail 0.2.2 .2, 0.2.5 .2, 0.2.5 .1, 0.2.5 .0,
|
|
High |
SB04-161 |
Michael Speck
Lgames LBreakout2 2.0, 2.0.1, 2.1-2.1.2, 2.2-2.2.2 |
|
High |
SB04-077 |
Microsoft
Virtual PC for Mac 6.0, 6.0.1, 6.0.2, 6.1 |
Virtual PC for Mac Temporary File Creation
CVE Name:
CAN-2004-0115
|
|
SB04-058 |
Mihai RUSU
Dizzy unix2tcp 0.7-0.7.2 |
Dizzy unix2tcp Unspecified Buffer Overflow |
Medium/High
(High if arbitrary code can be executed) |
|
MIT
Kerberos 5 1.3.4 |
MIT Kerberos 5 Insecure Temporary File Creation
CVE Name:
CAN-2004-0971
|
Medium |
SB04-308
SB04-280 |
MIT
Debian
Fedora
Gentoo
Immunix
Mandrake
OpenBSD
RedHat
SGI
Sun
Tinysofa
Trustix
Kerberos 5 1.0, 1.0.6, 1.0.8, 1.1, 1.1.1, 1.2.1-1.2.7, 1.3 -alpha1, 5.0 -1.3.3, 5.0 -1.2beta1&2, 5.0 -1.1.1, 5.0 -1.1, 5.0 -1.0.x;
tinysofa enterprise server 1.0 -U1, 1.0 |
Kerberos 5 ‘krb5_aname_to_localname’ Multiple Buffer Overflows
CVE Name:
CAN-2004-0523
|
High |
SB04-266
SB04-259
SB04-189
SB04-175
SB04-161 |
MIT
Kerberos 5 krb5-1.3.5 and prior |
|
High |
SB04-364 |
MIT
Kerberos 5 krb5-1.3.5 and prior |
|
High |
SB04-357 |
mixplayd
mixplayd 0.53 |
mixplayd Format String Flaw |
High |
SB04-308 |
mod-auth-shadow.sourceforge.net
Mod-Auth-Shadow prior to 1.4 |
Mod-Auth-Shadow Apache Module Expired User Password Authentication
CVE Name:
CAN-2004-0041 |
Medium |
CyberNotes-2004-02 |
Modsecurity.org
mod_security 1.7.4 |
Apache Mod_Security Module SecFilterScan Post Off-By-One Remote Buffer Overflow |
High |
SB04-091 |
| MoinMoin
MoinMoin 1.1, 1.2, 1.2.1
|
MoinMoin Group Name Privilege Escalation |
High |
SB04-175 |
| Mollensoft
Lightweight FTP Server version 3.6
|
Mollensoft Lightweight FTP Server CWD Buffer Overflow |
Low |
SB04-147 |
Monit Project Group
TildeSlash Monit 3.0-3.2, 4.0, 4.1, 4.1.1, 4.2, 4.3 Beta 2
|
Multiple Monit Administration Interface Remote Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-105 |
monkeyd.sourceforge.net
Monkey HTTP Daemon 0.1.4, 0.4-0.4.2, 0.5-0.5.1, 0.6-0.6.3, 0.7.0- 0.7.2, 0.8, 0.8.1 |
Monkey HTTP Daemon Remote Denial of Service
|
Low |
SB04-058 |
Mozilla Foundation
Bugzilla version 2.16.5 and prior
Bugzilla Development version 2.18rc1 and prior |
Multiple Vulnerabilities In Bugzilla |
High |
SB04-203 |
Mozilla.org
Camino 0.7.0, 0.8 |
Mozilla Camino Web Browser Infinite Array Sort Denial of Service |
Low |
SB04-336 |
Mozilla.org
Bugzilla 2.4, 2.6, 2.8, 2.10, 2.12, 2.14-2.14.5, 2.16-2.16.5, 2.17-2.17.7, 2.18 rc1&rc2 |
Mozilla Bugzilla Multiple Authentication Bypass & Information Disclosure
|
Medium |
SB04-336
SB04-308 |
Mozilla.org
Mozilla Browser 1.7, rc1-rc3, beta, alpha, 1.7.1-1.7.3, 1.8 Alpha 1-4, Firefox Preview Release
Mozilla Firefox 0.9, rc, 0.9.1-0.9.3, 0.10, 0.10.1, Thunderbird 0.6, 0.7-0.7.3, 0.8 |
Mozilla Temporary File Insecure Permissions Information Disclosure |
Medium |
SB04-308 |
Mozilla.org
Mozilla Browser 1.7, rc3, 1.7.1, 1.7.2; Firefox 0.9 rc, 0.9-0.9.3 |
Mozilla Firefox Default Installation File Permission
|
High |
SB04-266 |
mpg123.de
mpg123 0.x
|
mpg123 'do_layer2() Function' Remote Buffer Overflow
CVE Name:
CAN-2004-0805
|
High |
SB04-294
SB04-273
SB04-266
SB04-252 |
mpg123.de
mpg123 pre0.59s, 0.59r |
|
High |
SB04-308
SB04-301 |
mpg321.sourceforge.net
mpg321 0.x |
mpg321 MP3 File Remote Format String
CVE Name:
CAN-2003-0969 |
High |
CyberNotes-2004-01 |
| mplayerhq.hu
MPlayer HEAD CVS, 0_92 CVS, 0.9 0rc4, 0.90 rc series, 0.90 pre series, 0.90, 0.91, 0.92, 0.92.1, 1.0 pre4, 1.0 pre3try2, 1.0 pre3, 1.0 pre2, 1.0 pre1
|
MPlayer GUI Buffer Overflow
|
High /Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
Mr. S.K.
LHA 1.14 |
|
High |
SB04-259
SB04-252
SB04-294 |
mtools.linux.lu
MTools 3.9.1- 3.9.9 |
MTools MFormat Root Privileges
|
High |
SB04-077 |
Multiple Vendor
Debian
SuSE
Trustix
rsync 2.6.2 and prior
|
Rsync Input Validation Error in sanitize_path() May Let Remote Users Read or Write Arbitrary Files
CVE Name:
CAN-2004-0792
|
High |
SB04-315
SB04-259
SB04-252
SB04-245
SB04-231
SB04-315
SB04-280 |
Multiple Vendors
GNU glibc 2.3.2, Zebra 0.91a, 0.92a, 0.93b, 0.93a; Quagga Routing Software Suite 0.96.2;
RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1 |
Spoofed Kernel Netlink Interface Message Denial of Service
CVE Name:
CAN-2003-0859 |
Low |
CyberNotes-2004-01 |
Multiple Vendors
Apple Mac OS X 10.2.8, 10.3.4, 10.3.5, Mac OS X Server 10.2.8, 10.3.4, 10.3.5;
OpenLDAP OpenLDAP 1.0-1.0.3, 1.1-1.1.4, 1.2-1.2.13, 2.0-2.0.23, 2.0.25, 2.0.27, 2.1 .20, 2.1.4, 2.1.10-2.1.19 |
OpenLDAP CRYPT Password Unauthorized Access
CVE Name:
CAN-2004-0823
|
Medium |
SB04-259 |
Multiple Vendors
Astaro
Conectiva
CRUX
Debian
Devil-Linux EnGarde
Fedora
Gentoo
Mandrake
RedHat
Slackware
SuSE
Trustix
TurboLinux
Wolk
EnGarde Secure Community 2.0, Secure Professional 1.5;
Linux kernel 2.4.18, 2.4.20-2.4.22, 2.4.25, 2.4.26, 2.6.5, 2.6.6 rc1, 2.6.6, 2.6.7 rc1
|
Linux Kernel Assembler Inline Function Denial of Service
CVE Name:
CAN-2004-0554
|
Low |
SB04-189
SB04-175 |
Multiple Vendors
Astaro
Caldera
Conectiva
CRUX
Debian
Devil-Linux
Gentoo
Mandrake
RedHat
Slackware
SuSE
TurboLinux
Trustix
WOLK
Linux kernel 2.4, 2.4 .0-test1-test12, 2.4.1-2.4.27 -pre2
|
Linux Kernel Sbus PROM Driver Multiple Integer Overflow |
High/Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
Multiple Vendors
Astaro
Caldera
Conectiva
CRUX
Debian
Gentoo
Mandrake
RedHat
Slackware
Sun
SuSE
TurboLinux
WOLK
Linux kernel 2.4-2.4.20, 2.5.0-2.5.69
|
Linux Kernel Integer Overflow in i2c Driver |
High |
SB04-175 |
Multiple Vendors
Alexander Lukyanov LFTP 2.3.0, 2.4.9, 2.5.2, 2.6.0, 2.6.3- 2.6.9;
Slackware Linux –current, 8.1, 9.0, 9.1 |
LFTP Buffer Overflows
CVE Name:
CAN-2003-0963 |
High |
CyberNotes-2004-02
CyberNotes-2004-01 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core1&2; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1; Turbolinux Turbolinux Desktop 10.0 |
Apache Web Server Remote IPv6 Buffer Overflow
CVE Name:
CAN-2004-0786
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343
SB04-308
SB04-273
SB04-266 |
Multiple Vendors
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
|
|
SB04-329
SB04-308
SB04-287
SB04-273
SB04-266 |
Multiple Vendors
Astaro Security Linux 4.016, 4.008;
Linux kernel 2.4- 2.4.22, 2.5.0- 2.5.69, 2.6-test1- test6;
Trustix Secure Linux 2.0 |
Linux Kernel ‘do_brk()’ Function Root Access
CVE Name:
CAN-2003-0961 |
High |
CyberNotes-2004-02 |
Multiple Vendors
Carnegie Mellon University Cyrus IMAP Server 2.1.7, 2.1.9, 2.1.10, 2.1.16, 2.2 .0 ALPHA, 2.2.1 BETA, 2.2.2 BETA, 2.2.3-2.2.8; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0-2.2; Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32 |
|
High |
SB04-343
SB04-336 |
Multiple Vendors
Carnegie Mellon University Cyrus IMAP Server 2.2.9 & prior |
Cyrus IMAP 'imap magic plus' Buffer Overflow
CVE Name:
CAN-2004-1015
|
High |
SB04-336 |
Multiple Vendors
Carnegie Mellon University Cyrus IMAP Server 2.2.9 & prior |
Multiple Vendors Cyrus IMAP 'imap magic plus' Buffer Overflow
CVE Name:
CAN-2004-1015 |
High |
SB04-343
|
Multiple Vendors Conectiva
Clearswift
Debian
F-Secure
Fedora
Gentoo
Mr. S.K.
RARLAB
RedHat
SGI
Slackware
Stalker
WinZip
Mr. S.K. LHA 1.14, 1.15, 1.17; RARLAB WinRar 3.20; RedHat lha-1.14i-9.i386.rpm; WinZip 9.0; Stalker CGPMcAfee 3.2 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-294
SB04-189
SB04-161
SB04-133 |
Multiple Vendors Conectiva
Clearswift
Debian
F-Secure
Fedora
Gentoo
Mr. S.K.
RARLAB
RedHat
SGI
Slackware
Stalker
WinZip
Mr. S.K. LHA 1.14, 1.15, 1.17; RARLAB WinRar 3.20; RedHat lha-1.14i-9.i386.rpm; WinZip 9.0; Stalker CGPMcAfee 3.2 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-294 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, 0 ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9 |
|
Medium |
SB04-315
SB04-343 |
Multiple Vendors
Debian
Mandrake
OpenPKG
RedHat
SGI
Slackware
Trustix
Debian Linux 3.0, s/390, ppc, mipsel, mips, m68k, ia‑64, ia‑32, hppa, arm, alpha; rsync 2.3.1, 2.3.2 -1.3, 2.3.2 -1.2, sparc, PPC, m68k, intel, ARM, alpha, 2.3.2, 2.4.0, 2.4.1, 2.4.3‑ 2.4.6, 2.4.8, 2.5.0‑ 2.5.7, 2.6
|
|
Medium |
SB04-315
SB04-280 |
Multiple Vendors
ELM versions 2.5.6 & prior |
|
High |
CyberNotes-2004-03
CyberNotes-2004-02 |
Multiple Vendors
EnGarde Secure Community 1.0.1, 2.0, Secure Professional 1.1, 1.2, 1.5; RedHat rsync-2.4.6-2.i386.rpm, 2.4.6-5.i386.rpm, 2.4.6-5.ia64.rpm, 2.5.4-2.i386.rpm, 2.5.5-1.i386.rpm, 2.5.5-4.i386.rpm, rsync rsync 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.3-2.4.6, 2.4.8, 2.5.0-2.5.6; SGI ProPack 2.3; Slackware Linux –current, Linux 8.1, 9.0, 9.1
|
Rsync Daemon Mode Remote Heap Overflow
CVE Name:
CAN-2003-0962
|
High |
CyberNotes-2004-01 |
Multiple Vendors
file 4.11 and prior (Trustix) |
Multiple Vendors 'File' Processing ELF Headers Stack Overflow |
|
SB04-357
SB04-350 |
Multiple Vendors
FreeBSD 4.4-5.0; ISC BIND 8.2.3- 8.2.7, 8.3.0- 8.3.6, 8.4, 8.4.1; Sun Solaris 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 |
ISC BIND Negative Cache Poison Denial of Service
CVE Name:
CAN-2003-0914 |
Low |
CyberNotes-2004-02
CyberNotes-2004-01 |
Multiple Vendors
Gaim version 0.75 & prior |
|
High |
SB04-301
SB04-133
SB04-058
CyberNotes-2004-03
|
Multiple Vendors
GD Graphics Library gdlib 1.8.4, 2.0.1, 2.0.20-2.0.23, 2.0.26-2.0.28 |
GD Graphics Library Multiple Remote Buffer Overflows
CVE Name:
CAN-2004-0941
|
High |
SB04-343
SB04-329
SB04-322 |
Multiple Vendors
Gentoo Linux 1.4;
KDE KDE 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3; MandrakeSoft Linux Mandrake 9.2 amd64, 9.2, 10.0 AMD64, 10.0 |
|
Low/Medium
(Low if a DoS)
|
SB04-287
SB04-259
SB04-245 |
Multiple Vendors
Gentoo Linux;
Samba Samba 3.0-3.0.7
|
Multiple Vendors Samba Remote Wild Card Denial of Service
CVE Name:
CAN-2004-0930
|
Low |
SB04-357 |
Multiple Vendors
Gentoo Linux;
Samba Samba 3.0-3.0.7
|
|
Low |
SB04-350
SB04-336
SB04-329
SB04-322 |
Multiple Vendors
GNU Zebra 0.91a, 0.92a, 0.93b, 0.93a; Quagga Routing Software Suite 0.96.2, 0.96.3 |
GNU Zebra / Quagga Remote Denial of Service
CVE Name:
CAN-2003-0795 |
Low |
CyberNotes-2004-01 |
Multiple Vendors
gzip |
|
Medium |
SB04-350
SB04-343 |
Multiple Vendors
IPsec-Tools, 0.1, 0.2-0.2.4, 0.3, rc1-rc4;
KAME Racoon, 20030711
Apple Mac OS X 10.2.8, 10.3.3, Mac OS X Server 10.2.8, 10.3.3
|
Racoon IKE Daemon Unauthorized X.509 Certificate Connection
CVE Name:
CAN-2004-0155
|
Medium |
SB04-133
SB04-105 |
Multiple Vendors
IRSSI 0.8.4- 0.8.8;
MandrakeSoft Linux Mandrake 9.1, 9.1 ppc, 9.2, 9.2 amd64 |
IRSSI Remote Denial of Service
CVE Name:
CAN-2003-1020 |
Low |
CyberNotes-2004-01 |
Multiple Vendors
Linux kernel
2.4.0,
test1- test12, 2.4- 2.4.24
|
Linux Kernel ‘execve()’ Denial of Service |
Low |
SB04-058 |
Multiple Vendors
Linux Kernel 2.2.x, 2.4.x, 2.6.x |
Linux Kernel ‘do_mremap’ Function
CVE Name:
CAN-2003-0985 |
High |
CyberNotes-2004-02
CyberNotes-2004-01 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9 |
Multiple Vendors Linux Kernel Auxiliary Message Layer State Error
CVE Name:
CAN-2004-1016 |
Low |
SB04-357 |
Multiple Vendors
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9 |
Multiple Vendors Linux Kernel IGMP Integer Underflow
CVE Name:
CAN-2004-1137 |
Low/Medium
(Medium if elevated privileges can be obtained)
|
SB04-357 |
Multiple Vendors
Linux Kernel 2.4.22 & prior |
Linux Kernel R128 Device Driver Privilege Escalation
CVE Name:
CVE-2004-0003
|
Medium |
SB04-058
CyberNotes-2004-03 |
Multiple Vendors
Linux Kernel 2.4.x |
|
Medium |
SB04-364 |
Multiple Vendors
Linux Kernel 2.6.x |
Multiple Vendors Linux Kernel SACF Instruction Privilege Escalation Vulnerability |
Medium |
SB04-364 |
Multiple Vendors
Linux Kernel 2.6.x |
Multiple Vendors Linux Kernel 'sys32_ni_syscall' and 'sys32_vm86_warning' Buffer Overflows
CVE Name:
CAN-2004-1151
|
Low/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-350 |
Multiple Vendors
Linux Kernel versions except 2.6.9 |
Multiple Vendors Linux Kernel TIOCSETD Terminal Subsystem Race Condition
CVE Name:
CAN-2004-0814
|
Low |
SB04-357 |
Multiple Vendors
Linux Security Modules (LSM) |
Multiple Vendors Linux Security Modules Escalation Vulnerability |
High |
SB04-364 |
Multiple Vendors
MySQL AB MySQL 3.20 .x, 3.20.32 a, 3.21.x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.54, 3.23.56, 3.23.58, 3.23.59, 4.0.0-4.0.15, 4.0.18, 4.0.20;
Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0, 2.1 |
MySQL Database Unauthorized GRANT Privilege
CVE Name:
CAN-2004-0957
|
Medium |
SB04-350
SB04-294 |
Multiple Vendors
nfs-utils 1.0.6 |
|
Low |
SB04-357 |
Multiple Vendors
nfs-utils 1.0.6 |
Multiple Vendors nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service
|
Low |
SB04-350 |
Multiple Vendors
OpenSSH 3.0 p1-3.0.2 pl1, 3.0-3.0.2, 3.1-3.5, 3.1pl1, 3.2.2 p1, 3.2.3 p1, 3.3 p1-3.5pl1, 3.6.1 p1&pl2, 3.6.1, 3.7, 3.7.1, 3.7 p1&pl2, 3.7.1 p1, 3.8.1 p1, 3.9.1 pl1 |
OpenSSH-portable Remote Information Disclosure
CVE Name:
CAN-2003-0190
|
Medium |
SB04-343 |
Multiple Vendors
OpenSSL 0.9.6c - 0.9.6k, 0.9.7a - 0.9.7c |
|
Low |
SB04-091 |
Multiple Vendors
perl |
Multiple Vendors Perl Insecure Temporary File Creation |
Medium |
SB04-350 |
Multiple Vendors
Perl |
Multiple Vendors Perl File::Path::rmtree() Permission Modification Vulnerability
CVE Name:
CAN-2004-0452 |
Medium |
SB04-364 |
Multiple Vendors
RedHat sysstat-4.0.7-3.i386.rpm;
SGI ProPack 2.3, 2.4;
Sysstat Sysstat 4.0.7, 4.1.1- 4.1.7, 5.0.1
|
|
Low/Medium
(Medium if data is corrupted or lost)
|
SB04-119
SB04-091
SB04-077 |
Multiple Vendors
Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32 |
Multiple Vendors Samba 'QFILEPATHINFO' Buffer Overflow
CVE Name:
CAN-2004-0882
|
High |
SB04-357 |
Multiple Vendors
Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32 |
|
High |
SB04-350
SB04-336 |
Multiple Vendors
telnetd-ssl |
Multiple Vendors telnetd-ssl SSL_accept error Format String Flaw
CVE Name:
CAN-2004-0998
|
High |
SB04-364 |
Multiple Vendors
Unix Linux kernel 2.4, 2.4.0-test1-test12, 2.4.1-2.4.25, 2.6, test1-test11, 2.6.1 -rc1&rc2, 2.6.2-2.6.4 |
Multiple Vendors Linux Kernel EXT3 File System Information Leakage
CVE Name:
CAN-2004-0177
|
Medium |
SB04-357 |
Multiple Vendors
Unix Linux kernel 2.4, 2.4.0-test1-test12, 2.4.1-2.4.25, 2.6, test1-test11, 2.6.1 -rc1&rc2, 2.6.2-2.6.4 |
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-357 |
Multiple Vendors
Unix OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
Multiple Vendors XFree86 Font Information File Buffer Overflow
CVE Name:
CAN-2004-0083 |
High |
SB04-350
|
| Multiple Vendors
Linux kernel 2.4 .0-test9-2.4.27 -pre1
|
Linux Kernel e1000 Ethernet Card Driver Buffer Overflow Vulnerability |
Low/High (High if arbitrary code can be executed) |
SB04-147 |
| Multiple Vendors
Linux kernel 2.4-2.5.69
|
Linux Kernel STRNCPY Information Leak Vulnerability
CVE Name:
CAN-2003-0465
|
Low |
SB04-147 |
| Multiple Vendors
Linux kernel 2.4.19-2.4.26, SGI ProPack 2.4, SGI ProPack 3.0
|
Linux Kernel Serial Driver Proc File Information Disclosure Vulnerability
CVE Name:
CAN-2003-0461
|
Medium |
SB04-147 |
Multiple Vendors
Andreas Steffen
Gentoo
Openswan
strongSwan
Super FreeS/WAN
Andreas Steffen x509 patch 0.9.39, patch 1.5.4, patch 1.5.5;
Gentoo Linux 1.4, rc1-rc3;
Openswan Openswan 1.0.4, 1.0.5, 2.1.1, 2.1.2;
strongSwan strongSwan 2.1.3;
Super FreeS/WAN Super FreeS/WAN 1.99.7 .3
|
FreeS/WAN X.509 Patch Certificate Verification |
Medium |
SB04-189 |
Multiple Vendors
Debian
Fedora
Gentoo
Mandrake
OpenPKG
RedHat
SGI
Slackware
Trustix
libpng 1.0, 1.0.5- 1.0.14, libpng3 1.2 .0- 1.2.5;
OpenPKG 1.3, 2.0;
RedHat libpng-1.2.2-16.i386.rpm, libpng-1.2.2-20.i386.rpm, libpng-devel-1.2.2-20.i386.rpm, libpng10-1.0.13-11.i386.rpm, libpng10-1.0.13-8.i386.rpm, libpng10-devel-1.0.13-11.i386.rpm, libpng10-devel-1.0.13-8.i386.rpm;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1
|
LibPNG PNG Image Remote Denial of Service
CVE Name:
CAN-2004-0421
|
Low |
SB04-161
SB04-133 |
Multiple Vendors
Debian
Mandrake
OpenPKG
RedHat
SGI
Slackware
Trustix
Debian Linux 3.0, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
rsync 2.3.1, 2.3.2 -1.3, 2.3.2 -1.2, sparc, PPC, m68k, intel, ARM, alpha, 2.3.2, 2.4.0, 2.4.1, 2.4.3-2.4.6, 2.4.8, 2.5.0-2.5.7, 2.6
|
|
Medium |
SB04-161
SB04-133 |
Multiple Vendors
Engarde
Fedora
Mandrake
SGI
Slackware
SuSE
TurboLinux
Linux kernel 2.4, 2.4 .0-test1- test12, 2.4.1- 2.4.26, 2.6, 2.6 -test1-test12, 2.6.1, rc1&rc2, 2.6.2- 2.6.5
|
|
Medium |
SB04-161
SB04-133 |
Multiple Vendors
Fedora
Mandrake
Slackware
RedHat
SGI
Slackware Linux –current, 9.1;
utempter utempter 0.5.2, 0.5.3 |
|
Low/High
(Low if a DoS; and High if root privileges can be obtained)
|
SB04-308
SB04-189
SB04-133
SB04-119 |
Multiple Vendors
Fedora
Mandrake
SuSE
Linux kernel 2.5.0- 2.5.69, 2.6, 2.6 -test1- test11, 2.6.1, rc1&rc2, 2.6.2- 2.6.5
|
Linux Kernel CPUFreq Proc Handler Information Disclosure
CVE Name:
CAN-2004-0228
|
Medium |
SB04-161
SB04-133
SB04-119 |
Multiple Vendors
Fedora
SuSE
Linux kernel 2.6,
Linux kernel 2.6.1, rc1-rc2, 2.6.2-2.6.5, 2.6.6, rc1, 2.6.7, rc1;
S.u.S.E. Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, Linux Admin-CD for Firewall, Linux Connectivity Server, Linux Database Server, Linux Enterprise Server 8, 7, Linux Firewall on CD, Linux Office Server, Office Server, eMail Server 3.1, eMail Server III
|
Linux Kernel IPTables Sign Error Remote Denial of Service
|
Low |
SB04-189 |
Multiple Vendors
Gentoo
Xine
Slackware
MPlayer 1.0 pre3try2;
xine-lib 1- rc3a-rc3c, 1-rc2, 1-beta1- beta11
|
MPlayer/Xine-Lib Multiple RealRTSP Buffer Overflows
|
High |
SB04-161
SB04-133 |
Multiple Vendors
SGI
Slackware
SuSE
TurboLinux
Linux kernel 2.4.0-test1- test12, 2.4- 2.4.25
|
Linux Kernel Panic Function Call Buffer Overflow
CVE Name:
CAN-2004-0394
|
Medium |
SB04-161
SB04-133 |
Multiple Vendors
Angus Mackay ez-ipupdate 3.0.11 b8, 3.0.11 b5; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux |
|
High |
SB04-322 |
Multiple Vendors
Anthon vander Neut cvsup-16.1h-2.i386.rpm;
SuSE Linux 8.2, 9.0
|
Third-party CVSup Binary Insecure ELF RPATH Library Replacement |
High |
CyberNotes-2004-03 |
Multiple Vendors
Apache Software Foundation Apache 2.0, 2.0.28, 2.0.32, 2.0.35-2.0.50; Gentoo Linux 1.4;
MandrakeSoft Linux Mandrake 9.2, amd64,10.0, AMD64; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1; Turbolinux Turbolinux Desktop 10.0 |
Apache Web Server Configuration File Buffer Overflow
CVE Name:
CAN-2004-0747
|
High |
SB04-273
SB04-266 |
Multiple Vendors
Apple Mac OS X 10.2-10.2.8, 10.3 -10.3.5, OS X Server 10.2-10.2.8, 10.3 -10.3.5; Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1,
1.1.4-5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.21 |
|
Medium |
SB04-329
SB04-301
SB04-294
SB04-287 |
Multiple Vendors
ArX Distributed Revision Control System 1.0 pre10-pre16, 1.0.17, 1.0.18;
Cadaver WebDAV Client 0.20 .0- 0.20.5, 0.21 .0, 0.22.0;
Neon Client Library 0.19.3, 0.23- 0.23.8, 0.24- 0.24.4;
Netwosix Netwosix Linux 1.0, 1.1;
RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 2.1, ES 2.1, AS 2.1
|
WebDAV Client Library Format String Vulnerabilities
CVE Name:
CAN-2004-0179
|
|
SB04-280
SB04-119
|
Multiple Vendors
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc,
9.2, amd64, 10.0, AMD64,
MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.0, 1.0.6, 1.0.8, 1.1, 1.1.1, 1.2-1.2.8, 1.3 -1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1;
Sun SEAM 1.0.2 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343
SB04-280
SB04-266
SB04-252 |
Multiple Vendors
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc,
9.2, amd64, 10.0, AMD64,
MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.2.2-1.2.8, 1.3 -1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1;
Sun Solaris 9.0, 9.0 _x86 |
MIT Kerberos 5 ASN.1 Decoder Remote Denial of Service
CVE Name:
CAN-2004-0644
|
Low |
SB04-343
SB04-266
SB04-252 |
Multiple Vendors
CVS 1.10.7, 1.10.8, 1.11, 1.11.1 p1, 1.11.1- 1.11.6, 1.11.10, 1.11.11, 1.11.14, 1.12.1, 1.12.2, 1.12.5;
FreeBSD FreeBSD 4.10-PRE-Release, 4.0.x, 4.0 –RELENG, alpha, 4.0, 4.1- 4.1.1, 4.2- 4.9;
Netwosix Linux 1.0, 1.1;
RedHat Advanced Workstation for the Itanium Processor 2.1
RedHat cvs-1.11.2-10.i386.rpm, Enterprise Linux WS 3, 2.1, ES 3, 2.1, AS 3, 2.1; Slackware Linux –current, 8.1, 9.0, 9.1 |
|
Medium |
SB04-119 |
Multiple Vendors
Davfs Davfs2 0.2 .0-0.2.2;
Gentoo Linux |
Davfs2 Insecure Temporary File Creation |
Medium |
SB04-322 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0 |
|
|
SB04-322
SB04-301 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0, SUSE Linux - all versions |
Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows
CVE Names:
CAN-2004-0888
CAN-2004-0889 |
High |
SB04-343 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ecartis Ecartis 0.129 a, 1.0 .0 snapshot 20030417, 20030416, 20030404, 20030318, 20030312, 20030309, 20030303, 20030227, 20021013, 20020514, 20020427, 20020125, 20020121 |
Ecartis Remote Administrator Privileges
CVE Name:
CAN-2004-0913 |
High |
SB04-301 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; GNU Emacs 20.0-20.6, 21.2
|
Emacs flim Library Insecure Temporary File Creation
CVE Name:
CAN-2004-0422
|
Medium |
SB04-280
SB04-133 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; libpng libpng 1.0, 1.0.5-1.0.17, libpng3 1.2 .0-1.2.6; SuSE Linux 9.; Ubuntu ubuntu 4.1 ppc, 4.1 ia64, 4.1 ia32 |
LibPNG Graphics Library Image Height Buffer Overflow
CVE Name:
CAN-2004-0955
|
High |
SB04-301 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNU Emacs 20.0-20.6, 21.2
|
Multiple Vendors Emacs flim Library Insecure Temporary File Creation
CVE Name:
CAN-2004-0422
|
Medium |
SB04-357 |
Multiple Vendors
Easy Software Products CUPS 1.1.14-1.1.20; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1
|
|
Low |
SB04-350
SB04-294
SB04-287
SB04-280
SB04-273
SB04-266 |
Multiple Vendors
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4 .5, 5.4.8 .2-1.1.0 , 5.5.3 .2-1.2.0, 5.5.6 .0- 2003040, 5.5.7,6.0.2;
Imlib Imlib 1.9-1.9.14 |
IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows
CVE Names:
CAN-2004-0817
CAN-2004-0802 |
Low/High
(High if arbitrary code can be executed)
|
SB04-350
SB04-343
SB04-252
SB04-301
SB04-273
SB04-266
SB04-259 |
Multiple Vendors
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5;
OpenPKG Current, 2.0, 2.1;
zlib 1.2.1 |
Zlib Compression Library Remote Denial of Service
CVE Name:
CAN-2004-0797
|
Low |
SB04-308
SB04-301
SB04-280
SB04-259
SB04-245 |
Multiple Vendors
FreeBSD 4.8-4.10, 5.1, 5.2, 5.2.1-RELEASE; Thomas Graf bmon 1.2.1 |
BMON Arbitrary Code Execution
|
High |
SB04-301 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4, rc1-rc3; GNU glibc 2.0-2.0.6, 2.1, 2.1.1-6, 2.1.1, 2.1.2, 2.1.2-10, 2.1.3, 2.1.9 & greater, 2.2-2.2.5, 2.3-2.3.4 |
GLibC LD_DEBUG Information Disclosure
|
Medium |
SB04-245 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4_rc1-3, 1.4;
Midnight Commander 4.5.40- 4.5.55, 4.6;
SGI ProPack 2.3, 2.4
|
|
Low/Medium/High
(Low if a DoS; Medium if unauthorized access can be obtained; and High if arbitrary code can be executed)
|
SB04-161
SB04-133 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4_rc1-rc3, 1.4;
MPlayer MPlayer 0.90 rc series, 0.90 pre series, 0.90, 0.91, 1.0 pre1
|
MPlayer Remote ‘Location’ HTTP header, Buffer Overflow |
High |
SB04-105 |
Multiple Vendors
Gentoo Linux 1.4;
KDE KDE 3.2-3.2.3;
MandrakeSoft Linux Mandrake 9.2 amd64, 9.2, 10.0 AMD64, 10.0 |
KDE DCOPServer Insecure Temporary File Creation
CVE Name:
CAN-2004-0690
|
Medium |
SB04-259 |
Multiple Vendors
Gentoo Linux 1.4;
KDE KDE 3.1.3, 3.2, 3.0- 3.0.3, 3.0.5b, 3.0.5, 3.1-3.1.3, 3.1.5, 3.2.1, 3.2.3;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64 |
|
Medium |
SB04-266
SB04-259
SB04-245 |
Multiple Vendors
Gentoo Linux 1.4;
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, 2.1 IA64, 2.1, AS 3, AS 2.1 IA64, AS 2.1;
Trolltech Qt 3.0, 3.0.5, 3.1, 3.1.1, 3.1.2, 3.2.1, 3.2.3, 3.3 .0, 3.3.1, 3.3.2 |
|
High |
SB04-301
SB04-287
SB04-273
SB04-245
|
Multiple Vendors
Gentoo Linux, 1.4; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0 |
|
High |
SB04-315
SB04-308
SB04-301 |
Multiple Vendors
Gentoo Linux;
Jean-Jacques Sarton mtink 0.9.32, 0.9.33, 0.9.53, 1.0.4 |
MTink Insecure Temporary File Creation |
Medium |
SB04-322 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1
4.3 .0 |
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-343
SB04-336
SB04-329 |
Multiple Vendors
Gentoo Linux;
RedHat Fedora Core3, Core2;
SUSE Linux 8.1, 8.2, 9.0-9.2, Desktop 1.0, Enterprise Server 9, 8, Novell Linux Desktop 1.0;
X.org X11R6 6.7 .0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0-4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1
4.3 .0 |
Multiple Vendors LibXPM Multiple Vulnerabilities
CVE Name:
CAN-2004-0914
|
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-350 |
Multiple Vendors
glibc 2.2 |
Multiple Vendors glibc Buffer Overflow
CVE Name:
CAN-2002-0029
CAN-2004-0968
|
Low |
SB04-357 |
Multiple Vendors
GNOME Gdk Pixbuf 0.18, 0.20; RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 3, 2.1, ES 3, 2.1, AS 3, AS 2.1, gdk-pixbuf-0.18.0-7.i386.rpm, gdk-pixbuf-devel-0.18.0-7.i386.rpm, gdk-pixbuf-gnome-0.18.0-7.i386.rpm |
|
Low |
SB04-077 |
Multiple Vendors
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4; MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-301
SB04-280
SB04-273
SB04-266
|
Multiple Vendors
iproute2 |
Multiple Vendors iproute Denial of Service |
Low |
SB04-350 |
Multiple Vendors
Linux Kernel |
Multiple Vendors Linux Kernel USB io_edgeport Driver Integer Overflow |
Low/Medium
(Medium if elevated privileges can be obtained)
|
SB04-350 |
Multiple Vendors
Linux kernel
2.4.0,
test1- test12, 2.4- 2.4.24
|
Linux Kernel NCPFS ncp_lookup() Arbitrary Code Execution
CVE Name:
CAN-2004-0010
|
High |
SB04-077
SB04-058 |
Multiple Vendors
Linux kernel
2.4.0,
test1- test12, 2.4- 2.4.24
|
|
Medium |
SB04-077
SB04-058 |
Multiple Vendors
Linux kernel 2.2- 2.2.24, 2.4.0,
test1-test12, 2.4-2.4.24, 2.6-test1-test10, 2.6.1-2.6.2;
Netwosix Netwosix Linux 1.0; RedHat kernel-2.4.20-8, athlon.rpm, i386.rpm, i686.rpm, kernel-bigmem-2.4.20-8.i686.rpm, kernel-BOOT-2.4.20-8.i386.rpm, kernel-doc-2.4.20-8.i386.rpm, kernel-smp-2.4.20-8, athlon.rpm, i686.rpm, kernel-source-2.4.20-8.i386.rpm |
|
High |
SB04-077
SB04-058 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.27 |
Multiple Vendors Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification
CVE Name:
CAN-2004-1068
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.27 |
Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification
CVE Name:
CAN-2004-1068
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-350
SB04-329 |
Multiple Vendors
Linux kernel 2.4, 2.4 .0-test1-
test12, 2.4.1- 2.4.25
|
Linux Kernel ISO9660 File System Buffer Overflow
CVE Name:
CAN-2004-0109
|
High |
SB04-133
SB04-119 |
Multiple Vendors
Linux kernel 2.4, 2.4 .0-test1-
test12, 2.4.1- 2.4.25, 2.6, test1- test11, 2.6.1 -rc1&rc2, 2.6.2- 2.6.4
|
Linux Kernel XFS File System Information Leakage
CVE Name:
CAN-2004-0133
|
Medium |
SB04-133
SB04-119 |
Multiple Vendors
Linux kernel 2.4, 2.4 .0-test1-
test12, 2.4.1- 2.4.25, 2.6, test1- test11, 2.6.1 -rc1&rc2, 2.6.2- 2.6.4
|
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-133
SB04-119 |
Multiple Vendors
Linux kernel 2.4, 2.4 .0-test1-
test12, 2.4.1- 2.4.25, 2.6, test1- test11, 2.6.1 -rc1&rc2, 2.6.2- 2.6.4
|
Linux Kernel EXT3 File System Information Leakage
CVE Name:
CAN-2004-0177
|
Medium |
SB04-133
SB04-119 |
Multiple Vendors
Linux kernel 2.4, 2.4.0-test1- test 12, 2.4.1- 2.4.21 |
Multiple Local Linux Kernel Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-091 |
Multiple Vendors
Linux kernel 2.4.0-test1- 2.4.0-test12, 2.4, 2.4.1- 2.4.25, 2.6, 2.6 -test1- 2.6 -test11, 2.6.1 -rc1&rc2, 2.6.2, 2.6.3 |
Linux Kernel Sigqueue Blocking Denial of Service |
Low |
SB04-119 |
Multiple Vendors
Linux kernel 2.4.22 |
Linux kernel i810 DRM driver Unspecified Vulnerability |
Low/Medium
(Medium if elevated privileges can be obtained)
|
SB04-119 |
Multiple Vendors
Linux kernel 2.4.22, 2.4.23, 2.4.23 -ow2, 2.4.23 -pre9, 2.4.24, 2.4.24 -ow1, 2.4.25, 2.6.1, rc1&rc2, 2.6.2, 2.6.3 |
Linux Kernel MCAST_MSFILTER Integer Overflow
CVE Name:
CAN-2004-0424
|
Low/High
(High if arbitrary code can be executed)
|
SB04-133
SB04-119 |
Multiple Vendors
Linux Kernel 2.4.27 |
Linux Kernel TCP Socket Denial of Service |
Low |
SB04-259 |
Multiple Vendors
Linux Kernel 2.4.28 & prior |
|
Medium |
SB04-336 |
Multiple Vendors
Linux Kernel 2.4.x |
Multiple Vendors Linux Kernel Floating Point Register Contents Leak
CVE Name:
CAN-2004-0565
|
Medium |
SB04-357 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.8 |
Linux Kernel BINFMT_ELF Loader Multiple Vulnerabilities
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-336
SB04-322 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.8 SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9
|
Multiple Vendors Linux Kernel BINFMT_ELF Loader Multiple Vulnerabilities
CVE Names:
CAN-2004-1070
CAN-2004-1071
CAN-2004-1072
CAN-2004-1073 |
Medium/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-343 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.9; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0-2.2;
Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-336
SB04-329 |
Multiple Vendors
Linux Kernel 2.4-2.4.27, 2.6-2.6.9; Trustix Secure Enterprise Linux 2.0, Secure Linux 1.5, 2.0-2.2;
Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32; SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9
|
Multiple Vendors smbfs Filesystem Memory Errors Remote Denial of Service
CVE Names:
CAN-2004-0883
CAN-2004-0949 |
Low/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-343 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 r2 |
Multiple Vendors Linux Kernel SYS_IA32.C Buffer Overflow |
High |
SB04-350 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 rc2 |
Multiple Vendors Linux Kernel PROC Filesystem Local Information Disclosure
CVE Name:
CAN-2004-1058 |
Medium |
SB04-357 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 rc2 |
Multiple Vendors Linux Kernel Sock_DGram_SendMsg Local Denial of Service
CVE Name:
CAN-2004-1069
|
Low |
SB04-357 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.10 rc2 |
Multiple Vendors Linux Kernel Local DRM Denial of Service
CVE Name:
CAN-2004-1056 |
Low |
SB04-357 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.9 |
Multiple Vendors Linux Kernel 64 Bit ELF Header Local Denial of Service |
Low |
SB04-350 |
Multiple Vendors
Linux Kernel 2.6 - 2.6.9, 2.4 - 2.4.28 |
Multiple Vendors Linux Kernel ip_options_get() and vc_resize() Integer Overflows |
Low |
SB04-357 |
Multiple Vendors
Linux Kernel 2.6 -test1-test11, 2.6, l 2.6.1 -rc1&rc2, 2.6.1- 2.6.9;
SuSE Linux 8.2, 9.0-9.2 |
Linux Kernel AIO_Free_Ring Denial of Service
|
Low |
SB04-350 |
Multiple Vendors
Linux kernel 2.6 -test1-test11, 2.6-l 2.6.8; SuSE Linux 9.1 |
Linux Kernel IPTables Logging Rules Remote Denial of Service
CVE Name:
CAN-2004-0816
|
Low |
SB04-315
SB04-301 |
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3 |
Multiple Vendors Linux Kernel ReiserFS File System Local Denial of Service
CVE Name:
CAN-2004-0814
|
Low |
SB04-357 |
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3 |
Linux Kernel ReiserFS File System Local Denial of Service
CVE Name:
CAN-2004-0814
|
Low |
SB04-308 |
Multiple Vendors
Linux kernel 2.6.x, 2.4.x |
Linux Kernel Local DoS & Memory Content Disclosure |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-336 |
Multiple Vendors
Linux Kernel 2.6.x, 2.4.x |
Linux Kernel ide-cd SG_IO Security Restriction Bypass
CVE Name:
CAN-2004-0813
|
Medium |
SB04-273 |
Multiple Vendors
Linux kernel 2.6.x, 2.4.x, SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Turbolinux Turbolinux Server 10.0 |
Multiple Vendors Linux Kernel Local DoS & Memory Content Disclosure
CVE Name:
CAN-2004-1074 |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-357
SB04-343 |
Multiple Vendors
Linux kernel 2.6-2.6.5 |
Linux Kernel Local IO Access Inheritance |
Low/Medium
(Medium if elevated privileges can be obtained)
|
SB04-133 |
Multiple Vendors
Linux Kernel AMD64/EM64T prior to 2.4.23 |
Multiple Vendors Linux Kernel AMD64/EM64T TSS Limit Elevated Privileges
CVE Name:
CAN-2004-0812
|
Medium |
SB04-343
|
Multiple Vendors
Linux kernel 2.2-2.2.25, 2.4 .0-test1-test11, 2.4-2.4.27, 2.6-2.6.8 |
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-301
SB04-245 |
Multiple Vendors
Linux Kernel USB Driver prior to 2.4.27 |
|
Medium |
SB04-343 |
Multiple Vendors
Linux Kernel USB Driver prior to 2.4.27 |
Multiple Vendors Linux Kernel USB Driver Kernel Memory
CVE Name:
CAN-2004-0685
|
Medium |
SB04-357 |
Multiple Vendors
LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1 |
LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution
CVE Name:
CAN-2004-0801
|
High |
SB04-315
SB04-308
SB04-287
SB04-273
SB04-266
|
Multiple Vendors
Luke Mewburn lukemftp 1.5, TNFTPD 20031217; NetBSD Current, 1.3-1.3.3, 1.4 x86, 1.4, SPARC, arm32, Alpha, 1.4.1 x86, 1.4.1, SPARC, sh3, arm32, Alpha, 1.4.2 x86, 1.4.2, SPARC, arm32, Alpha, 1.4.3, 1.5 x86, 1.5, sh3, 1.5.1-1.5.3, 1.6, beta, 1.6-1.6.2, 2.0 |
TNFTPD Multiple Signal Handler Remote Privilege Escalation
CVE Name:
CAN-2004-0794
|
High |
SB04-301
SB04-273
SB04-266
SB04-259
SB04-245 |
Multiple Vendors
LVM Logical Volume Management Utilities 1.0.4, 1.0.7, 1.0.8 |
Multiple Vendors Trustix LVM Utilities Insecure Temporary File Creation
CVE Name:
CAN-2004-0972
|
Medium |
SB04-343 |
Multiple Vendors
LVM Logical Volume Management Utilities 1.0.4, 1.0.7, 1.0.8 |
Trustix LVM Utilities Insecure Temporary File Creation
CVE Name:
CAN-2004-0972
|
Medium |
SB04-322
SB04-315
SB04-280
|
Multiple Vendors
Mozilla Browser 1.7.2,
Mozilla Firefox 0.9.3;
Netscape Navigator 7.1, 7.2 |
Mozilla/Netscape/Firefox Browsers Content Spoofing |
Medium |
SB04-245 |
Multiple Vendors
MySQL AB MySQL 3.20.32 a, 3.22.26- 3.22.30, 3.22.32, 3.23.2- 3.23.5, 3.23.8- 3.23.10, 3.23.22- 3.23.34, 3.23.36- 3.23.56, 3.23.58, 4.0 .0- 4.0.15, 4.0.18, 4.1.0-0, 4.1 .0-alpha |
MySQL 'mysqld_multi' Insecure Temporary File Handling
CVE Name:
CAN-2004-0388
|
Medium |
SB04-161
SB04-119 |
Multiple Vendors
ncpfs 2.2.1 - 2.2.4 |
Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow
CVE Name:
CAN-2004-1079 |
High |
SB04-364
SB04-357 |
Multiple Vendors
nfs-utils |
Multiple Vendors nfs-utils 'getquotainfo()' Buffer Overflow |
High |
SB04-350
|
Multiple Vendors
Open Group CDE Common Desktop Environment 1.0.1, 1.0.2, 1.1, 1.2, 2.0, 2.1 20, 2.1;
Xi Graphics DeXtop 2.1, 3.0
|
Common Desktop Environment DTLogin XDMCP Parsing |
High |
SB04-091 |
Multiple Vendors
OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
|
|
SB04-058
SB04-077 |
Multiple Vendors
OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
XFree86 Font Information File Buffer Overflow
CVE Name:
CAN-2004-0083
|
|
SB04-058
SB04-077 |
Multiple Vendors
OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
|
|
SB04-077
SB04-058 |
Multiple Vendors
OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux Enterprise Server 9, 8;
X.org X11R6 6.7.0, 6.8;
XFree86 X11R6 3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1 .0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1, Errata, 4.3.0; Avaya Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0 |
|
High |
SB04-329
SB04-322
SB04-315
SB04-301
SB04-294
SB04-280
SB04-266
|
Multiple Vendors
OpenSSH OpenSSH 3.0, p1, 3.0.1, p1, 3.0.2, p1, 3.1, p1, 3.2, 3.2.2 p1, 3.2.3 p1, 3.3, p1, 3.4, p1 |
OpenSSH ‘SCP’ Client File Corruption
|
Medium |
SB04-119
SB04-091 |
Multiple Vendors
Paul Mackerras PPPD 2.4.1;
Ubuntu Ubuntu Linux 4.1 ppc, ia64, ia32 |
PPPD Remote Denial of Service |
Low |
SB04-308 |
Multiple Vendors
ProFTPD Project ProFTPD 1.2.9;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0, 2.1
|
ProFTPD CIDR Access Control Rule Bypass |
Medium |
SB04-133 |
Multiple Vendors
RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux ES 2.1, AS 2.1;
SGI ProPack 2.3, 2.4
|
Red Hat Linux GNU Mailman Remote Denial of Service
CVE Name:
CAN-2004-0182
|
Low |
SB04-119 |
Multiple Vendors
Samba 2.2.9, 3.0.8 and prior |
Multiple Vendors Samba smbd Security Descriptor
CVE Name:
CAN-2004-1154
|
|
SB04-364
SB04-357 |
Multiple Vendors
Samba Samba 2.2 a, 2.2 .0a, 2.2 .0, 2.2.1 a, 2.2.2, 2.2.3 a, 2.2.3-2.2.9, 2.2.11, 3.0, alpha, 3.0.1-3.0.5; MandrakeSoft Corporate Server 2.1, x86_64, 9.2, amd64 |
|
Medium |
SB04-287
SB04-280 |
Multiple Vendors
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux Enterprise Server 9, 8;
Samba 3.0-3.0.6 |
Samba-VScan Remote Denial of Service |
Low |
SB04-266 |
Multiple Vendors
Unix OpenBSD 3.3, 3.4;
XFree86 X11R6 4.1 .0, 4.1–12,
4.1–11, 4.2 .0, 4.2 1, 4.2.1 Errata, 4.3 |
Multiple Vendors Xfree86 Font_Name Buffer Overflow
CVE Name:
CAN-2004-0084 |
|
SB04-350 |
musicdaemon.sourceforge.net
Music daemon 0.1-0.3 |
Music Daemon Information Disclosure |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-245 |
Mutt.org
Mutt
1.2 –1, 1.2.5 .1, 1.2.5 –5, 1.2.5 –4, 1.2.5 -12OL, 1.2.5 –12, 1.2.5 –1, 1.2.5, 1.3.12 –1, 1.3.12, 1.3.16, 1.3.17, 1.3.22, 1.3.24, 1.3.25, 1.3.27, 1.3.28,
1.4 .0, 1.4.1
|
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-105
SB04-058 |
MySQL AB
MySQL 3.20 .x, 3.20.32 a, 3.21 .x, 3.22 .x, 3.22.26-3.22.30, 3.22.32, 3.23 .x, 3.23.2-3.23.5, 3.23.8-3.23.10, 3.23.22-3.23.34, 3.23.36-3.23.56, 3.23.58, 4.0.0-4.0.15, 4.0.18, 4.0.20, 4.1 .0-alpha, 4.1 .0-0, 4.1.2 -alpha, 4.1.3 -beta, 4.1.3 -0, 5.0 .0-alpha, 5.0 .0-0 |
MySQL Mysql_real_connect Function Remote Buffer Overflow
CVE Name:
CAN-2004-0836
|
|
SB04-350
SB04-329
SB04-315
SB04-294 |
MySQL AB
MySQL 3.23.49, 4.0.20 |
MySQL 'Mysqlhotcopy' Script Elevated Privileges
CVE Name:
CAN-2004-0457
|
Medium |
SB04-252
SB04-245 |
MySQL AB
MySQL 3.23.49, 4.0.20 |
MySQL
'Mysqlhotcopy' Script Elevated Privileges
CVE Name:
CAN-2004-0457
|
Medium |
SB04-350
SB04-336
SB04-315
SB04-301
SB04-259 |
MySQL AB
MySQL 3.x, 4.x
|
|
Low/Medium
(Low if a DoS; and Medium if security restrictions can be bypassed)
|
SB04-350
SB04-336
SB04-329
SB04-315
SB04-294 |
MySQL AB
MySQL 4.0.0-4.0.15, 4.0.18, 4.0.20 |
MySQL Remote Denial of Service |
Low |
SB04-294 |
MySQL AB
MySQL 4.0.18 |
MySQL Insecure Temporary File Creation |
Medium |
SB04-280 |
MySQL AB
MySQL version 4.1.0 up to but not including MySQL version 4.1.3;
MySQL version 5.0 |
MySQL Authentication Scheme Bypass |
High |
SB04-203 |
MySQL AB
MySQL 3.20.32 a, 3.22.26- 3.22.30, 3.22.32, 3.23.2- 3.23.5, 3.23.8- 3.23.10, 3.23.22- 3.23.34, 3.23.36- 3.23.56, 3.23.58, 4.0.0- 4.0.15, 4.1.0-alpha, 4.1.0-0 |
MySQL 'mysqlbug' Temporary File |
Low/ Medium
(Medium if data is destroyed or corrupted)
|
SB04-091 |
MySQL.com
MySQL prior to 4.1.5 |
MySQL libmysqlclient Buffer Overflow |
Not Specified |
SB04-273 |
Namazu Project
Namazu 2.0.13 and prior |
Namazu Cross-Site Scripting Vulnerability |
High |
SB04-357 |
Nathaniel Bray
Yeemp 0.5, 0.5.1, 0.9.9 |
Nathaniel Bray Yeemp File Transfer Public Key Verification Bypass |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-287 |
Nathaniel S.Borenstein
Metamail 2.7 |
Metamail Extcompose Program Symlink |
Low/ Medium
(Medium if elevated privileges can be obtained)
|
SB04-077 |
Nav!d
ASP-rider |
Nav!d ASP-rider "username" SQL Injection Vulnerability |
High |
SB04-364 |
NcFTP Software
NcFTP 3.0 .0- 3.0.4, 3.1.0- 3.1.7 |
NcFTP Information Disclosure |
Medium |
SB04-119 |
| Nessus prior to version 2.0.12 |
Nessus Race Condition in 'nessus-adduser' May Let Local Users Gain Elevated Privileges |
Medium |
SB04-217 |
Net Integration Technologies Inc.
WvTftp 0.9
|
WvTftp Processing TFTP Options Buffer Overflow |
|
SB04-308 |
Netatalk
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 |
NetaTalk Insecure Temporary File Creation
CVE Name:
CAN-2004-0974
|
Medium |
SB04-350
SB04-315
SB04-308
SB04-280
|
Netbilling, Inc.
nbmember.cgi |
Netbilling NBMEMBER Script Information Disclosure |
Medium |
SB04-301 |
NetBSD Foundation
NetBSD prior to 2.0 |
NetBSD compat Validation Flaws |
Low/ Medium/High
(Low if a DoS; Medium if elevated privileges can be obtained; and High if root privileges can be obtained)
|
SB04-357 |
| NetBSD
NetBSD 1.x
|
NetBSD Swapctl() Denial of Service
|
Low |
SB04-175 |
| Netenberg
Fantastico De Luxe 2.8
|
cPanel/Fantastico/mysql local vulnerability |
Medium |
SB04-147 |
Netopia
Timbuktu Pro for Macintosh 6.0.1 |
Netopia Timbuktu Server For Apple Mac OSX Remote Buffer Overflow
CVE Name:
CAN-2004-0810
|
Low |
SB04-329 |
Netscape
Netscape Directory Server |
Netscape Directory Server Buffer Overflow |
High |
SB04-364 |
nfs
nfs-utils 1.0, 1.0.1, 1.0.3, 1.0.4, 1.0.6 |
|
Low |
SB04-077 |
Nicolas Rougier
gnubiff |
Nicolas Rougier gnubiff Denial of Service |
Low |
SB04-343 |
Niels Provos
Systrace 1.1-1.4 |
Systrace Local Policy Bypass
|
Medium |
SB04-105 |
NoisyB
flc 1.0.4 & prior |
flc Command Line Buffer Overflow |
High |
SB04-273 |
NTP
NTPd 3.0 |
Network Time Protocol Daemon Integer Overflow |
Low |
SB04-077 |
Nullsoft
SHOUTcast 1.9.4 |
Nullsoft SHOUTcast Format String Flaw |
High |
SB04-364 |
| o3read 0.0.3 |
o3read parse_html() Buffer Overflow |
High |
SB04-357 |
oftpd
oftpd 0.3.0- 0.3.6 |
OFTPD Port Argument Remote Denial of Service
|
Low |
SB04-091 |
Ollivier Robert
Calife 2.8.4 c, 2.8.5 |
Calife Password Arbitrary Code Execution |
High |
SB04-077 |
Ollivier Robert
Calife 2.8.4 c, 2.8.5, 2.8.6 |
Calife Arbitrary Code Execution
|
High |
SB04-077 |
OMail
OMail webmail 0.97.3, 0.98.3, 0.98.5 |
OMail Webmail Remote Command Execution Variant |
High |
SB04-133 |
Omni Group
OmniWeb 5.0.1 |
Omni Group OmniWeb Browser Remote Window Hijacking |
Medium |
SB04-350 |
Omni Group
OmniWeb 5.0.1 |
Omni Group OmniWeb Browser Cross-Domain Dialog Box Spoofing |
Medium |
SB04-308 |
Open Group
Open Motif 2.x, Motif 1.x
|
Open Group Motif / Open Motif libXpm Vulnerabilities
CVE Names:
CAN-2004-0687
CAN-2004-0688 |
High |
SB04-343 |
Open Source Technology Group
Slash CVS versions prior to R_2_5_0_41 |
Open Source Technology Slash Unspecified Vulnerability |
Not Specified |
SB04-357 |
| Open Webmail
Open Webmail 1.7, 1.8, 1.71, 1.81, 1.90, 2.20, 2.21, 2.30-2.32
|
Open WebMail ‘Vacation.pl’ Input Validation |
High |
SB04-189 |
Open Webmail
Open Webmail 1.7, 1.8, 1.71, 1.81, 1.90, 2.3 |
Open WebMail Arbitrary Directory Creation |
Medium |
SB04-105 |
OpenBSD
OpenBSD 3.3, 3.4
|
OpenBSD Procfs Memory Disclosure Vulnerability |
High |
SB04-147 |
OpenBSD
OpenBSD |
OpenBSD Traffic Filtering Circumvention |
Medium |
CyberNotes-2004-01 |
OpenBSD
OpenBSD 3.2-3.5 |
OpenBSD Bridged Network ICMP Denial of Service |
Low |
SB04-245 |
OpenBSD
OpenBSD 3.4 |
OpenBSD Crypto Card Handlers File Descriptor Leak |
Medium |
CyberNotes-2004-02 |
| OpenBSD
OpenBSD –current, 3.0-3.5
|
OpenBSD ISAKMPD Daemon Remote Denial of Service
|
Low |
SB04-175 |
OpenBSD Project
OpenBSD 3.4, 3.5, 3.6 |
OpenBSD isakmpd Error in pfkeyv2_acquire() |
Low |
SB04-357 |
OpenBSD
OpenBSD 3.2, 3.4, 3.5 |
OpenBSD login_radius() Authentication Bypass |
Medium |
SB04-273 |
OpenBSD
OpenBSD 3.3, 3.4 |
OpenBSD httpd Access Unauthorized Access |
Medium |
SB04-091 |
OpenBSD
OpenBSD 3.4 |
OpenBSD ICMPV6 Traffic Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
OpenBSD
OpenBSD –current, 3.3, 3.4 |
|
Low |
SB04-245
SB04-091 |
openca.org
OpenCA 0.9.1.6 & prior |
OpenCA ‘Crypto-Utils.Lib’ Signature Verification
CVE Name:
CAN-2004-0004 |
Medium |
CyberNotes-2004-02 |
openca.org
OpenCA 0.x |
|
High |
SB04-252 |
OpenOffice
OpenOffice 1.1.2,
Sun StarOffice 7.0 |
OpenOffice/StarOffice Insecure Temporary File Permissions
CVE Name:
CAN-2004-0752
|
Medium |
SB04-301
SB04-280
SB04-266
SB04-259 |
OpenPKG Project
OpenPKG 1.x |
|
Low |
SB04-203 |
OpenSSL Project
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c |
OpenSSL
Insecure Temporary File Creation
CVE Name:
CAN-2004-0975 |
Medium |
SB04-343
SB04-322
SB04-280 |
Opera Software
Opera 7.54 on Linux with KDE 3.2.3 |
Opera Default 'kfmclient exec' Configuration |
High |
SB04-350 |
Opera
Gentoo
Opera 5.x, 6.x, 7.x |
Opera Address Bar Spoofing Condition |
High |
SB04-217 |
| Oracle Corporation
Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Enterprise Edition 9.0.1.5, 9.0.1.4, 9.2.0.4, 9.2.0.3, Oracle9i Personal Edition 9.0.1.5
Oracle Oracle9i Personal Edition 9.0.1.4, 9.2.0.4, 9.2.0.3, Oracle9i Standard Edition 9.0.1.5, 9.0.1.4, 9.2.0.4, 9.2.0.3 |
Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow
CVE Name:
CAN-2004-0638
|
Low/High
(High if arbitrary code can be executed)
|
SB04-252 |
Oracle Corporation
Oracle Application Server 10g 9.0.4, 9.0.4 .0, Oracle10g Application Server 10.1.0.2, Oracle10g Enterprise Edition 9.0.4.0, 10.1.0.2, Oracle10g Personal Edition 9.0.4.0, 10.1.0.2, Oracle10g Standard Edition 9.0.4.0, 10.1.0.2 |
Oracle Multiple Buffer Overflows |
High |
SB04-252 |
Oracle Corporation
Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Oracle9i Enterprise Edition 9.2.0.4, Personal Edition 9.2.0.4, Standard Edition 9.0.1.3, 9.2.0.4 |
Oracle Database Server ctxsys.driload Access Validation
CVE Name:
CAN-2004-0637
|
High |
SB04-252 |
Oracle
Oracle 8i, 9i Multiple Implementations |
Oracle Database Default Library Directory Privilege Escalation Vulnerability |
High |
SB04-217 |
| OSTicket.com
osTicket STS 1.2
|
OSTicket Multiple Vulnerabilities |
High/ Medium
(High if arbitrary code can be executed; and Medium if sensitive information can be obtained)
|
SB04-189 |
pan.rebelbase.com
Pan 0.9.7, 0.11.4, 0.14.2 |
Pan Long Author Address Remote Denial of Service
CVE Name:
CAN-2003-0855 |
Low |
CyberNotes-2004-01 |
Patric Müller
Vilistextum 2.6.6 |
Patric Müller Vilistextum get_attr() Buffer Overflow |
High |
SB04-357 |
Paul Francis Harrison
Synaesthesia 2.1.0-2.1.2, 2.2
|
|
High |
SB04-077 |
Paul L Daniels
ripMIME 1.3.2.2 and prior |
ripMIME Base64 Decoding May Terminate Prematurely When Decoding Virus Attachments |
Medium |
SB04-231 |
Paul L. Daniels
SignatureDB 0.1.1 |
SignatureDB ‘sdbscan’ Buffer Overflow |
High |
SB04-058 |
Paul L. Daniels
ripMIME prior to 1.4.0.0 |
|
Medium |
SB04-259 |
pavuk.sourceforge.net
Debian
Gentoo
Pavuk 0.9pl28i, 0.928r1;
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gentoo Linux 1.1 a, 1.2, 1.4, rc1-rc3
|
Pavuk Remote ‘Location:’ Header Remote Buffer Overflow
CVE Name:
CAN-2004-0456
|
High |
SB04-189 |
Pedro L. Orso
Mailmgr 1.2.3 |
Mailmgr Insecure Temporary File Creation |
Medium |
SB04-058 |
Peter D. Gray
SUS 2.0, 2.0.1 |
|
High |
SB04-266 |
Peter F. Brown
Simple Form prior to 2.2 |
Simple Form Open Mail Relay Vulnerability |
Low |
SB04-231 |
Peter Zelezny
X-Chat 1.8-1.8.2, 1.8.6- 1.8.9, 2.0.1, 2.0.5- 2.0.8 |
XChat SOCKS 5 Remote Buffer Overflow |
|
SB04-133
SB04-119 |
Peter Zelezny
X-Chat 1.8-1.8.2, 1.8.6- 1.8.9, 2.0.1, 2.0.5- 2.0.8 |
|
|
SB04-280 |
Phorum
Phorum 3.4.7, 3.4.8 |
Phorum_URIAuth SQL Injection |
High |
SB04-119 |
PHP Arena
paFileDB 3.1 |
PHP Arena paFileDB Hashed Passwords Access |
Medium |
SB04-343 |
PHP Arena
PAFileDB 3.0, Beta 3.1 |
PAFileDB Cross-Site Scripting & Information Disclosure
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
PHP Arena
paFileDB 3.1 Final |
paFileDB
'file' Input Validation |
High |
SB04-273 |
PHP Code Snippet Library
PHP Code Snippet Library 0.8 |
PHP Code Snippet Library Multiple Cross-Site Scripting |
High |
SB04-245 |
PHP Group
Slackware
Linux 8.1, 9.0, 9.1
|
Slackware Linux PHP Packages Insecure Linking Configuration |
High |
SB04-161 |
PHP Group
Debian
Slackware
Fedora
PHP 4.3.7 and prior |
|
High |
SB04-350
SB04-266
SB04-217 |
phpBB Group
phpBB 2.0.0-2.0.10 |
PHPBB Remote URLDecode Input Validation |
High |
SB04-336
SB04-322 |
phpBB Group
phpBB 2.0.9 and prior |
phpBB Cross Site Scripting, Full Path, and XSS Vulnerabilities |
High |
SB04-217 |
phpBB Group
phpBB 2.0 .0- 2.0.8 |
PHPBB Common.php IP Address Spoofing |
Medium |
SB04-119 |
phpBB Group
phpBB 2.0 .0, 2.0 RC1-RC4, 2.0.1- 2.0.8 |
PHPBB album_portal.php Remote File Include |
High |
SB04-119 |
phpbt.sourceforge.net
PhpBug Tracker Incident Management System 0.9 .0rc1, 0.9 .0, 0.9.1 |
PHPBug Tracker Multiple Input Validation Vulnerabilities |
High |
SB04-119 |
PHPGroupWare
PHPGroupWare 0.9.12, 0.9.13, 0.9.14 .003, 0.9.14.005-0.9.14.007, 0.9.16 RC1, 0.9.16 .002, 0.9.16 .000 |
PHPGroupWare Wiki Cross-Site Scripting |
High |
SB04-259 |
PHPGroupWare
PHPGroupWare 0.9.16.03 |
PHPGroupWare Multiple Cross-Site Scripting and SQL Injection |
High |
SB04-357 |
PHPGroupWare
phpMyAdmin 2.4.0 up to 2.6.1-rc1 |
PHPGroupWare phpMyAdmin Two Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
| phpHeaven
phpMyChat 0.14.5
|
PHPHeaven PHPMyChat Multiple Remote Vulnerabilities |
High/ Medium
(High if arbitrary code can be executed or admin access obtained; Medium if sensitive information can be obtained)
|
SB04-175 |
phplist.com
Mailing List Manager 2.6-2.6.3 |
PHPlist Unspecified Remote Security Vulnerabilities |
Not Specified |
SB04-308 |
phpMyAdmin Development Team
phpMyAdmin
|
phpMyAdmin ‘Export.PHP’ Directory Traversal
CVE Name:
CAN-2004-0129
|
Medium |
CyberNotes-2004-03 |
phpMyAdmin Development Team
phpMyAdmin 2.5 .0-2.5.7, 2.6 .0pl1&2 |
PHPMyAdmin Multiple Remote Cross-Site Scripting
|
High |
SB04-343 |
phpMyAdmin
phpMyAdmin 2.0-2.0.5, 2.1-2.1.2, 2.2, 2.2 pre1&2, 2.2 rc1-rc3, 2.2.2-2.2.6, 2.3.1, 2.3.2, 2.4 .0, 2.5 .0-2.5.2, 2.5.4, 2.5.5 pl1. 2.5.5 -rc1&rc2, 2.5.5, 2.5.6 -rc1, 2.5.7 pl1, 2.5.7, 2.6.0pl1 |
phpMyAdmin Remote Command Execution
|
High |
SB04-294 |
| phpMyAdmin
phpMyAdmin 2.5.1, 2.5.2, 2.5.4, 2.5.5 pl1, 2.5.5 –rc1&rc2, 2.5.5, 2.5.6 -rc1, 2.5.7
|
phpMyAdmin Multiple Input Validation |
High |
SB04-189 |
phpMyWebhosting version 0.3.4 |
phpMyWebhosting SQL Injection Vulnerabilities |
High |
SB04-273
SB04-231 |
PHPNews
PHPNews 1.2.3 |
|
Medium |
SB04-350
SB04-336 |
phpro.nabirov.net
PhProfession 2.5
|
PHProfession Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
phpWebSite Development Team
phpWebsite 0.7.3, 0.8.2, 0.8.3, 0.9.3, -1-4 |
phpWebSite HTTP Response Splitting |
High |
SB04-336 |
pisg.sourceforge.net
pisg 0.54 |
PISG IRC Nick Cross-Site Scripting
|
High |
SB04-119 |
| Pigmented
PimenGest2 1.10 -1
|
PimenGest2 'rowLatex.inc.php' Information Disclosure
|
Medium |
SB04-161 |
| pivotlog.net
Pivot Web Log Tool 1.0 02, 1.0, RC1&RC2, Final, 1.0 beta2b, 1.0 beta2, 1.10
|
Pivot Multiple Vulnerabilities
|
High |
SB04-175 |
pizzashack.org
rssh 2.2.2 |
pizzashack rssh Security Bypass |
High |
SB04-343 |
PNG Development Group
Conectiva
Debian
Fedora
Gentoo
Mandrakesoft
RedHat
SUSE
Sun Solaris
HP-UX
GraphicsMagick
ImageMagick
Slackware
libpng 1.2.5 and 1.0.15 |
Multiple Vulnerabilities in libpng
CVE Names:
CAN-2004-0597
CAN-2004-0598
CAN-2004-0599 |
High |
SB04-343
SB04-308
SB04-294 |
| Polar HelpDesk 3.0 |
Polar HelpDesk Authentication Bypass |
Medium |
SB04-217 |
Post Nuke Development Team
Post Nuke Phoenix 0.726 |
Post Nuke Phoenix Multiple Module SQL Injection |
High |
SB04-119 |
Post Nuke Development Team
Post Nuke Phoenix 0.726 |
Post Nuke Phoenix Cross-Site Scripting & Path Disclosure |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
PostgreSQL Global Development Group
Mandrakesoft
PostgreSQL |
Updated postgresql Packages Fix Buffer Overflow |
Low |
SB04-217 |
PostgreSQL
PostgreSQL 7.0.2, 7.0.3, 7.1-7.1.3, 7.2-7.2.4, 7.3-7.3.4, 7.4, 7.4.3, 7.4.5 |
PostgreSQL Unspecified RPM Initialization Script |
Not Specified |
SB04-315 |
PostgreSQL
PostgreSQL 7.4.5 |
PostgreSQL Insecure Temporary File Creation
CVE Name:
CAN-2004-0977
|
Medium |
SB04-357
SB04-350
SB04-308
SB04-301
SB04-280 |
ProFTPD Project
ProFTPD 1.2.7, 1.2.8, 1.2.9 rc1& rc2 |
ProFTPD ‘_xlate_ascii_write()’ Remote Buffer Overflow
|
High |
SB04-077 |
PRAGMA ADE
ConTeXt |
ConTeXt Temporary File Symlink |
Medium/ High
(High if ROOT access is obtained)
|
SB04-105 |
ProFTPD Project
ProFTPD 1.2.9 |
ProFTPD SITE CHGRP Command File/Directory Group Ownership Modification |
Medium |
SB04-350 |
ProFTPd.net
ProFTPd 1.2.8, 1.2.10; possibly other versions
|
ProFTPd Login Timing Account Disclosure |
Medium |
SB04-294 |
proxytunnel
proxytunnel 1.0.6, 1.1.3, 1.2.0, 1.2.2 |
Proxytunnel Remote Format String |
High |
SB04-315 |
ProZilla
ProZilla Download Accelerator 1.0 x, 1.3.0-1.3.4, 1.3.5.2, 1.3.5 .1, 1.3.5, 1.3.6 |
ProZilla Multiple Remote Buffer Overflow |
High |
SB04-336 |
PServer
Pico Server (PServer) 2.0 beta 1-beta3, beta5- beta 9, 2.0.1, 2.0.2, 2.1 beta 1&2, 3.0 beta1& 2 |
PServer Web Server Directory Traversal |
Medium |
CyberNotes-2004-01 |
Qwikmail
Qwikmail 0.3 |
QwikMail Format String |
High |
SB04-315
SB04-308 |
Rainer Wichmann
Samhain Labs hsftp 1.4-1.7, 1.9-1.11, 1.13, 1.14
|
|
High |
SB04-077 |
Rajah Kumar Adamancy
Sniff 1.0
|
Sniff Remote Denial of Service
|
Low |
SB04-119
SB04-105 |
Raxnet
Cacti 0.5, 0.6-0.6.8, 0.8-0.8.5;
Gentoo Linux 1.4 |
RaXnet Cacti Auth_Login.PHP Authentication Bypass |
Medium |
SB04-245 |
Red Hat
Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), Advanced Workstation 2.1 for the Itanium Processor |
Red Hat ncompress Buffer Overflow
CVE Name:
CAN-2001-1413 |
High |
SB04-350 |
| Red Hat
Linux kernel-2.4.20-8.athlon.rpm, 2.4.20-8.i386.rpm, 2.4.20-8.i586.rpm, 2.4.20-8.i686.rpm, kernel-smp-2.4.20-8.athlon.rpm, kernel-smp-2.4.20-8.i586.rpm , kernel-smp-2.4.20-8.i686.rpm , kernel-source-2.4.20-8.i386.rpm, Linux 8.0, i686, i386 |
Red Hat BCM5820 Linux Driver Buffer Overflow
CVE Name:
CAN-2004-0619
|
High/Low
(High if arbitrary code can be executed; and Low if a DoS) |
SB04-343 |
Red Hat
Linux Kernel 2.4.x, ia64 |
|
Medium |
SB04-357 |
Red Hat, Inc.
Linux Kernel 2.4.x, ia64 |
|
Medium |
SB04-203 |
RedHat
Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3 |
Red Hat redhat-config-nfs Exported Shares Configuration
CVE Name:
CAN-2004-0750
|
Medium |
SB04-273 |
RedHat
Enterprise Linux 2.1AS |
Util-Linux Login Program Information Leakage
CVE Name:
CAN-2004-0080
|
Medium |
SB04-058
CyberNotes-2004-03 |
| RedHat
Linux kernel-2.4.20-8.athlon.rpm, 2.4.20-8.i386.rpm, 2.4.20-8.i586.rpm, 2.4.20-8.i686.rpm, kernel-smp-2.4.20-8.athlon.rpm, kernel-smp-2.4.20-8.i586.rpm , kernel-smp-2.4.20-8.i686.rpm , kernel-source-2.4.20-8.i386.rpm, Linux 8.0, i686, i386
|
BCM5820 Linux Driver Buffer Overflow |
High/Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
Redhat
GNOME VFS
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64; Red Hat Linux Advanced Workstation 2.1 - ia64;
Red Hat Enterprise Linux ES version 2.1 - i386; Red Hat Enterprise Linux WS version 2.1 - i386; Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64, Red Hat Desktop version 3 - i386, x86_64;
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64;
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 |
GNOME VFS updates address extfs vulnerability
CVE Name:
CAN-2004-0494 |
High |
SB04-245
SB04-231 |
Redhat
GNOME VFS
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64;
Red Hat Linux Advanced Workstation 2.1 - ia64;
Red Hat Enterprise Linux ES version 2.1 - i386;
Red Hat Enterprise Linux WS version 2.1 - i386;
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64;
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64;
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 |
Red Hat GNOME VFS updates address extfs vulnerability
CVE Name:
CAN-2004-0494 |
High |
SB04-350
SB04-252
SB04-231 |
Regents of University of California
bsdmainutils 6.0.14 |
Bsdmainutils Calendar Information Disclosure
CVE Name:
CAN-2004-0793
|
High |
SB04-252 |
RemoteSensing
LibTIFF 3.5.7, 3.6.1, 3.7.0 |
Remote Sensing LibTIFF Two Integer Overflow Vulnerabilities
CVE Name:
CAN-2004-1308
|
High |
SB04-364 |
rmerge.sourceforge. net
HTML::Merge 3.0 - 3.42 |
HTML::Merge 'printsource.pl' Input Validation |
High |
SB04-308 |
Roaring Penguin Software
MIMEDefang 2.4, 2.14, 2.20, 2.21, 2.38, 2.39, 2.41-4.47 |
Roaring Penguin Software MIMEDefang Multiple Vulnerabilities
|
Not Specified |
SB04-336
SB04-308 |
Roaring Penguin Software
Roaring Penguin 3.5 & prior |
Roaring Penguin pppoe Elevated Privileges
CVE Name:
CAN-2004-0564
|
Medium |
SB04-350
SB04-280 |
Rob Flynn
Gaim 0.10 x, 0.10.3, 0.50-0.75 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-315
SB04-245
SB04-301 |
Rob Flynn
Gaim 0.50-0.75, 0.82, 0.82.1, 1.0, 1.0.1 |
Gaim Remote Denials of Service |
Low |
SB04-301 |
Rob J. Maier
rident.pl 0.91 b |
rident.pl File Override
|
Medium |
SB04-091 |
| Roundup
Roundup 0.5-0.5.9, 0.6.11
|
Roundup Directory Traversal
|
Medium |
SB04-175 |
Roxio
Toast 6.0 Titanium |
Roxio Toast TDIXSupport Local Privilege Escalation |
High |
SB04-357 |
Royal Institute of Technology
FreeBSD
Debian
Gentoo
KTH Heimdal 0.5-0.5.3, 0.6 .0, 0.6.1
|
Heimdal K5AdminD Remote Heap Buffer Overflow
CVE Name:
CAN-2004-0434
|
High/Low
(High if arbitrary code can be executed)
|
SB04-161
SB04-133 |
Royal Institute of Technology
KTH Heimdal 0.4 a-0.4 e, 0.5-0.5.2, 0.6 .0
|
|
Medium |
SB04-133
SB04-105 |
RSBAC
Gentoo
RSBAC 1.2.2, 1.2.3; Gentoo Linux 1.4
|
RSBAC Multiple Vulnerabilities
|
Medium |
SB04-189 |
| rssh.sourceforge.net
rssh 2.0, 2.1
|
RSSH Information Disclosure |
Medium |
SB04-189 |
rssh
rssh 2.2.1 & prior |
rssh 'log.c' Format String |
High |
SB04-301 |
Russell Marks
xzgv .8 |
Russell Marks xzgv Integer Overflow
CVE Name:
CAN-2004-0994 |
High |
SB04-357
SB04-350 |
Russell Marks
zgv Image Viewer 5.5 |
ZGV Image Viewer Multiple Remote Integer Overflow |
|
SB04-322
SB04-308 |
Russell Marks
zgv Image Viewer 5.5 |
|
High |
SB04-357
SB04-322 |
Ryszard Pydo
LinuxStat 2.0-2.3 |
Ryszard Pydo LinuxStat Remote Directory Traversal |
Medium |
SB04-308 |
SAFE TEAM
Regulus 2.2 -95 |
SAFE TEAM Regulus Information Disclosure |
Medium |
SB04-259 |
Samba
Samba 2.2.11, 3.0.6; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Enterprise Server 9, 8 |
Samba Remote Print Change Notify Remote Denial of Service
CVE Name:
CAN-2004-0829
|
Low |
SB04-266
SB04-259
SB04-245 |
Samba.org
Samba 3.0, alpha, 3.0.1 |
Samba ‘Mksmbpasswd.sh’ Unauthorized Access |
Medium |
SB04-058 |
Samba.org
Samba version 3.0 - 3.0.6
|
|
Low |
SB04-357
SB04-294
SB04-273
SB04-266
SB04-259
|
Samhain Labs
Samhain 1.8.9, 2.0.1
|
samhain sh_hash_compdata() Buffer Overflows |
High |
SB04-322 |
Sand Surfer
Sand Surfer 1.6.5 |
SandSurfer User Authentication |
Medium |
SB04-058 |
Sand Surfer
Sand Surfer 1.6.5, 1.7.0
|
SandSurfer Multiple Cross-Site Scripting Vulnerabilities |
High |
SB04-077 |
Sandino Flores Moreno
Gaim Festival Plug-in 0.68, 0.68.2, 0.70, 0.71, 0.76, 0.77, 0.78, 0.81, 1.0 |
Sandino Flores Moreno Gaim Festival Plug-in Remote Denial of Service |
Low |
SB04-343 |
| SCO Group
SCO OpenServer 5.x |
|
Medium |
SB04-308
SB04-301
SB04-203
|
| SCO
OpenServer 5.0.5, 5.0.6, 5.0.7
|
SCO OpenServer X Session Access Controls Do Not Permit Xauthority Controls for Some X Sessions |
Medium |
SB04-147 |
Scorched 3D
Scorched 3D 35.0, 36.0, 36.136.2 |
Scorched 3D Server Memory Corruption Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-105 |
SCO
SCO OpenServer 5.0.6 and 5.0.7 |
OpenServer Xsco Buffer Overflow Vulnerabilities
CVE Name:
CAN-2004-0083
CAN-2004-0106 |
High |
SB04-217 |
Sendmail Consortium
Sendmail 8.12.3, 8.13.1 |
|
Medium |
SB04-273 |
SERENA Software, Inc.
Serena TeamTrack 6.1.1 and prior |
Serena TeamTrack Multiple Vulnerabilities |
Medium |
SB04-217 |
Seymour Shlien
abcMIDI 2004.12.04 |
Seymour Shlien abcMIDI dxfin() Buffer Overflow |
High |
SB04-357 |
| SGI
IRIX 6.5.20 m, 6.5.20 f, 6.5.21 m, 6.5.21 f, 6.5.22-6.5.25
|
|
Low |
SB04-175 |
SGI
IRIX 6.5.22-6.5.25 |
|
Not Specified |
SB04-280 |
| SGI
IRIX 6.5.x
|
SGI IRIX ‘syssgi()’ System Call Root Access
CVE Name:
CAN-2004-0135
|
High |
SB04-175 |
| SGI
IRIX 6.5.x
|
IRIX Checkpoint and Restart libcpr Library Error
CVE Name:
CAN-2004-0134
|
High |
SB04-161 |
| SGI
IRIX 6.5.20 m, 6.5.20 f, 6.5.21 m, 6.5.21 f, 6.5.22-6.5.25
|
|
Low |
SB04-357 |
| SGI
IRIX 6.5.24 |
|
Low |
SB04-147 |
SGI
IRIX |
IRIX IFConfig -ARP Failure To Disable ARP Functionality
|
Medium |
SB04-133 |
SGI
IRIX |
IRIX Unspecified UDP Denial of Service
|
Low |
SB04-133 |
SGI
IRIX 6.5.20 m, 6.5.20 f, 6.5.20, 6.5.21 m, 6.5.21 f, 6.5.21, 6.5.22, |
IRIX ftpd Multiple Remote Denial of Service
|
Low |
SB04-105 |
SGI
IRIX 6.5.22 & prior |
IRIX Libdesktopicon.so Local Buffer Overflow |
High |
CyberNotes-2004-03 |
SGI
Samba on SGI IRIX 6.5.x |
SGI Multiple Samba Vulnerabilities
CVE Names:
CAN-2004-0807
CAN-2004-0882
CAN-2004-0930 |
Low/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-350 |
Shaun@shat.net
Network Query Tool 1.0, 1.6 |
Network Query Tool Cross-Site Scripting & Information Disclosure
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-119 |
Silicon Graphics
SGI IRIX 6.5.x, CDE 5.3.4 |
SGI IRIX CDE Multiple Vulnerabilities
CVE Names:
CAN-2003-0834
CAN-2004-0368 |
Medium |
SB04-231 |
SnipSnap
SnipSnap 0.5.2 a |
SnipSnap HTTP Response Splitting |
Medium |
SB04-266 |
Sophos
MailMonitor for SMTP 2.1 |
Sophos MailMonitor SMTP Email Handling
|
Not Specified |
SB04-315 |
Sourcefire
Snort prior to 2.3.0-RC1 |
Sourcefire Snort TCP/IP Options Error |
Low |
SB04-364 |
Sourceforge.net
Gentoo Linux
Pavuk 0.x |
Pavuk Digest Authentication Buffer Overflow Vulnerabilities |
High |
SB04-231
SB04-217 |
sox.sourceforge.net
Fedora
Mandrakesoft
Gentoo
Conectiva
RedHat
SoX 12.17.4, 12.17.3,
and 12.17.2 |
SoX ".WAV" File Processing Buffer Overflow Vulnerabilities
CVE Name:
CAN-2004-0557
|
High |
SB04-231
SB04-294 SB04-245 SB04-217 |
| SpamAssassin prior to 2.64 |
SpamAssassin Lets Remote Users Deny Service By Sending Malformed Messages |
Low |
SB04-231 |
SpamAssassin.org
SpamAssassin prior to 2.64 |
|
Low |
SB04-280
SB04-273
SB04-266
SB04-245 |
SpamAssassin
SpamAssassin 3.0.1 |
SpamAssassin Remote Denial of Service |
Low |
SB04-315 |
Speedtouch
USB Driver 1.0, 1.1, 1.2 , beta1-beta3, 1.3 |
|
High |
SB04-322
SB04-301 |
splitbrain.org
DokuWiki 2004-09-30, 2004-09-25, 2004-09-12, 2004-08-22, 2004-08-15a, 2004-08-15, 2004-08-08, 2004-07-25, 2004-07-21 |
DokuWiki Access Control Enforcement
|
|
SB04-301 |
SQLgrey
Postfix Greylisting Service 1.1.1, 1.1.3, 1.2 .0, 1.3 .0 |
SQLgrey Postfix Greylisting Service SQL Injection
|
Medium |
SB04-357
SB04-329 SB04-322 |
Squid Guard
Guard 1.0.0, 1.1.0- 1.1.5, 1.2.0 |
SquidGuard NULL URL Character Unauthorized Access
CVE Name:
CAN-2004-0189
|
Medium |
SB04-119
SB04-091 |
Squid-cache.org
Debian
Fedora
Gentoo
Mandrake
OpenPKG
RedHat
SGI
SuSE
Tinysofa
Trustix
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4 STABLE7, 2.4. 2.5 STABLE5, STABLE4, STABLE3, STABLE1 |
|
High |
SB04-315 |
Squid-cache.org
Debian
Fedora
Gentoo
Mandrake
OpenPKG
RedHat
SGI
SuSE
Tinysofa
Trustix
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4 STABLE7, 2.4. 2.5 STABLE5, STABLE4, STABLE3, STABLE1
|
|
High |
SB04-175 |
Squid-cache.org
Squid 2.5.STABLE6 & prior |
Squid 'clientAbortBody()' Remote Denial of Service |
Low |
SB04-259 |
Squid-cache.org
Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support
|
|
Low |
SB04-315 SB04-315
SB04-308 SB04-301 SB04-294 SB04-287 |
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE 5, 2.4 STABLE 7, 2.4, 2.5 STABLE 4, 2.5 STABLE3 |
Squid Proxy Access Control Bypass |
Medium |
SB04-077
|
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4, STABLE7, 2.5 STABLE1-STABLE6, Squid Web Proxy Cache 3.0 PRE1-PRE3 |
Squid Proxy NTLM Authentication Remote Denial of Service
CVE Name:
CAN-2004-0832
|
Low |
SB04-315
SB04-252
SB04-280
SB04-266 |
SquirrelMail Development Team
Gentoo
SquirrelMail 1.0.4, 1.0.5, 1.2.0- 1.2.11, 1.4- 1.4.2
|
SquirrelMail Folder Name Cross-Site Scripting |
High |
SB04-161
SB04-133 |
SquirrelMail Development Team
Fedora
Gentoo
Open Webmail
RedHat
SGI
SquirrelMail 1.4-1.4.3 RC1, 1.5 Development Version;
Open Webmail 2.30-2.32
|
|
High |
SB04-175
SB04-161 |
SquirrelMail Development Team
Fedora
Gentoo
RedHat
SGI
SquirrelMail 1.0.4, 1.0.5, 1.2.0-1.2.11, 1.4-1.4.2
|
|
High |
SB04-217 SB04-189
SB04-161 |
| SquirrelMail Development Team
SquirrelMail 1.0.4-1.4.2
|
Multiple XSS Vulnerabilities in SquirrelMail |
High |
SB04-147 |
SquirrelMail
SquirrelMail change_passwd 3.1-1.2.8 |
SquirrelMail Change_Passwd Plug-in Buffer Overflow |
High |
SB04-133
SB04-119 |
SSH Communications
SSH Tectia Server 4.0.3, 4.0.4 |
SSH Tectia Server Private Key Disclosure |
Medium |
SB04-091 |
st.Alphonsos
Crackalaka 1.0.8
|
Crackalaka IRC Server Remote Denial of Service
|
Low |
|
Stephen Kozik
Cloister blog 1.2.2 |
Cloisterblog Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed or administrative access obtained)
|
SB04-105 |
Stevens-Bradfield
mah-jong prior to 1.6.1
|
mah-jong Game Can Be Crashed By Remote Users With Empty Name Value
CAN-2004-0458
|
Low |
SB04-147 |
Stuart Cunningham
libbsb 0.0.6 |
Stuart Cunningham libbsb bsb2ppm bsb_open_header() Buffer Overflow |
High |
SB04-357 |
Sublimation
scponly prior to 4.0
|
Sublimation scponly Security Bypass |
High |
SB04-343 |
Subversion
Subversion 1.0-1.0.7, 1.1.0 rc1-rc3 |
Subversion Mod_Authz_Svn Metadata Information Disclosure
CVE Name:
CAN-2004-0749
|
Medium |
SB04-315 SB04-280 SB04-273 |
Subversion
Fedora
Gentoo
OpenPKG
SuSE
OpenPKG Current, 2.0;
Subversion 1.0-1.0.4
|
|
|
SB04-175 |
Suidperl
Suidperl |
|
Medium |
CyberNotes-2004-03 |
Sun Java Plugin |
Sun Java Plugin Privilege Escalation |
Medium |
SB04-350 |
Sun Microsystems Inc.
Sun Solaris 8.0_x86
Sun Solaris 8.0
Sun Solaris 9.0_x86 Update 2
Sun Solaris 9.0_x86
Sun Solaris 9.0
|
The Solaris Management Console (smc(1M)) Server May Disclose Information About Files on a Solaris System |
Medium |
SB04-147 |
Sun Microsystems
iPlanet Messaging Server/Sun ONE Messaging Server |
Sun Security Vulnerability in Webmail |
High |
SB04-357 |
Sun Microsystems
sendmail on Sun Solaris 9 |
Sun Solaris Sendmail DNS TXT Records Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-350 |
Sun Microsystems, Inc.
Solaris 8 |
Sun Solaris Gzip File Access |
Medium |
SB04-294 |
| Sun Microsystems, Inc.
Patch 115168-03, Patch 112908-12
|
Solaris Patches 112908-12 And 115168-03 Clear Text Password Logging |
Medium |
SB04-189 |
| Sun Microsystems, Inc.
Solaris 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 Update 2, 9.0_x86
|
Sun Solaris Basic Security Module Auditing Denial of Service
|
Low |
SB04-189 |
| Sun Microsystems, Inc.
Enterprise Storage Manager 2.1, StorEdge 3310 SCSI Array, 3510 FC Array
|
Sun Enterprise Storage Manager Privilege Escalation |
|
SB04-189 |
Sun Microsystems, Inc.
iPlanet Messaging Server 5.2;
Sun ONE Messaging Server 6.1 |
Sun One/IPlanet Messaging Server Webmail Hijack |
Medium |
SB04-322 |
Sun Microsystems, Inc.
Netra 1280
Sun Fire 3800, 4800, 4810, 6800, V1280
|
Sun Fire/Netra Remote Denial of Service
|
Low |
SB04-119 |
Sun Microsystems, Inc.
Solaris 2.5, 7.0, 8.0 |
Solaris ‘TCSetAttr’ Denial of Service |
Low |
CyberNotes-2004-03 |
Sun Microsystems, Inc.
Solaris 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86 |
Solaris Text Editor ‘ed’ Elevated Privileges |
Medium |
CyberNotes-2004-01 |
Sun Microsystems, Inc.
Solaris 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris ‘vfs_getvfssw’ function Root Access
|
High |
SB04-119
SB04-091 |
Sun Microsystems, Inc.
Solaris 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris Multiple ‘UUCP’ Buffer Overflows
|
High |
SB04-077 |
Sun Microsystems, Inc.
Solaris 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris LPStat Elevated Privileges
CVE Name:
CAN-2003-0999 |
High |
CyberNotes-2004-01 |
Sun Microsystems, Inc.
Solaris 7.0, 7.0_96, 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris conv_fix Root Access
|
High |
SB04-077 |
Sun Microsystems, Inc.
Solaris 7.0, 7.0_X86, 8.0, 8.0_X86, 9.0, 9.0_X86 |
Sun Solaris modload() Remote Root Privileges |
High |
CyberNotes-2004-03 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris SendFileV Denial of Service |
Low |
SB04-119 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86, 9.0, 9.0_x86 |
Solaris TCP/IP Networking Stack Denial of Service
|
Low |
SB04-133 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86, 9.0, 9.0_x86 |
Sun Solaris Passwd Local Root Compromise |
High |
SB04-077 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86, 9.0, 9.0_x86
|
Solaris ‘PFExec’ Elevated Privileges |
Medium |
CyberNotes-2004-03 |
Sun Microsystems, Inc.
Solaris 9.0_x86, 9.0 |
Solaris Secure Shell Daemon Client Logging
|
Medium |
SB04-105 |
Sun Microsystems, Inc.
Sun Cluster 3.0, 3.1 |
Sun Cluster Global File System Denial of Service
|
Low |
|
| Sun Microsystems, Inc.
Sun Fire B1600
|
Fire B1600 Network Management Port Remote Denial of Service
|
Low |
SB04-161 |
Sun Microsystems, Inc.
Sun ONE/iPlanet Web Server 6.0 SP5 & prior |
Sun One Web Server Remote Denial of Service |
Low |
CyberNotes-2004-02 |
Sun Microsystems, Inc.
Sun Patch 113579-02, 113579-03, 113579-04, 113579-05, 114342-02, 114342-03, 114342-04, 114342-05 |
Solaris Patch Information Disclosure |
Medium |
SB04-133 |
Sun Microsystems, Inc.
DtMai, Solaris 8.0_x86, 8.0, 9.0_x86, 9.0 |
|
High |
SB04-245 |
Sun Microsystems, Inc.
Java 2 Runtime Environment 1.4.2, 1.5 |
Sun Java Runtime Environment InitialDirContext Remote Denial of Service |
Low |
SB04-322 |
Sun Microsystems, Inc.
Performance Suite 4.0, 4.1, Utilization Suite 4.0, 4.1 |
Sun StorEdge Sparse File Information Disclosure |
Medium |
SB04-308 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86, 9.0, 9.0_x86 |
Sun Solaris LDAP RBAC Root Privileges |
High |
SB04-301 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86
|
Solaris 'in.named' Remote Denial of Service |
Low |
SB04-252 |
Sun Microsystems
Solaris 7, 8, 9 |
Sun Solaris IN.RWHOD(1M) Daemon |
High |
SB04-350 |
Sun Microsystems
Sun Solaris 7, 8, 9 |
Sun Solaris 'ping' Buffer Overflow |
|