| UNIX / LINUX Operating Systems Only |
Vendor & Software Name |
Common Name |
Risk |
Source |
4D, Inc.
4D WebSTAR 5.3.2 and prior versions |
4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users |
High |
SB04-203
|
ACPID
ACPID 1.0.1, 1.0.3 |
ACPID Insecure Umask Directory Permissions |
Low |
SB04-336 |
| Activestate
ActivePerl 5.6.1 .630- 5.8, RedHat Cygwin 1.5 -1- 1.5.9 -1
|
Multiple Perl Implementation System Function Call Buffer Overflow Vulnerability |
High |
SB04-147 |
Adobe Systems
Adobe Acrobat Reader 5.05 and 5.06 |
Adobe Acrobat Reader Shell Command Injection and Buffer Overflow Vulnerability
CVE Names:
CAN-2004-0630
CAN-2004-0631 |
High |
SB04-245
SB04-231 |
Adobe Systems
Adobe Acrobat Reader 5.05 and 5.06 |
Adobe Acrobat Reader Shell Command Injection & Buffer Overflow Vulnerability
CVE Names:
CAN-2004-0630
CAN-2004-0631 |
|
SB04-259 |
Adobe
Adobe Acrobat Reader 5.0.9 for Unix |
Adobe Acrobat Reader mailListIsPdf() Buffer Overflow
CVE Name:
CAN-2004-1152
|
High |
SB04-357
SB04-364 |
Adobe
Adobe Version Cue on Mac OS X |
Adobe Version Cue Start/Stop Scripts Arbitrary Script Execution |
High |
SB04-350 |
AIM Sniff
AIM Sniff 0.6-0.9 |
AIM Sniff Insecure Temporary File Creation |
Medium |
SB04-058 |
Aladdin Enterprises
Ghostscript 4.3, 4.3.2, 5.10 cl, 5.10.10 -1 mdk, 5.10.10 -1, 5.10.10 mdk, 5.10.10, 5.10.12 cl, 5.10.15, 5.10.16, 5.50, 5.50.8 _7, 5.50.8, 6.51, 6.52, 6.53, 7.0 4-7.07 |
GhostScript Insecure Temporary File Creation
CVE Name:
CAN-2004-0967
|
Medium |
SB04-301
SB04-280 |
Alvaro Lopez Ortega
Cherokee HTTPD 0.1, 0.1.5, 0.1.6, 0.2, 0.2.5-0.2.7, 0.4.6-0.4.8, 0.4.17 |
Cherokee HTTPD Auth_Pam Authentication Remote Format String
|
High |
SB04-315 |
Amir Malik
QwikMail 0.3 |
Amir Malik QwikMail Buffer Overflow |
High |
SB04-357 |
Andrew Tridgell
Jitterbug 1.62 & prior |
Jitterbug CGI Remote Arbitrary Command Execution
CVE Name:
CAN-2004-0028 |
High |
CyberNotes-2004-02 |
Andrew W. Rogers
pcal 0.7.1 |
Andrew W. Rogers pcal Buffer Overflows |
High |
SB04-357 |
Angello Rosiello
Rosiello Security rpf 1.2.2 |
Angello Rosiello Security RPF Multiple Remote And Local Vulnerabilities |
High |
SB04-364 |
Anoakie Turner
GREED (Get and Resume Elite EDition) 0.81p |
Anoakie Turner GREED 'DownloadLoop()' Function |
High |
SB04-357 |
Anton Raharja
PlaySMS 0.6, 0.7 |
PlaySMS SQL Input Validation |
High |
SB04-245 |
Apache Software Foundation
|
Apache Web Server Remote Denial of Service
CVE Name:
CAN-2004-0942
|
Low |
SB04-329
SB04-315 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.48 |
Apache Connection Blocking Denial of Service
CVE Name:
CAN-2004-0174
|
Low |
SB04-105
SB04-119
SB04-091 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.48 |
Apache Error Log Escape Sequence Injection
CVE Name:
CAN-2003-0020
|
High |
SB04-119
SB04-105
SB04-091 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50; Avaya Converged Communications Server 2.0,
Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0 |
|
Low |
SB04-343
SB04-308
SB04-273
SB04-266
SB04-259
SB04-252
|
Apache Software Foundation
Apache 2.0.35- 2.0.48 |
Apache Mod_SSL HTTP Request Remote Denial of Service
CVE Name:
CVE-2004-0113
|
Low |
SB04-119
SB04-091
SB04-077 |
Apache Software Foundation
Apache 2.0.35-2.0.52 |
Apache mod_ssl SSLCipherSuite Access Validation
CVE Name:
CAN-2004-0885
|
Medium |
SB04-350
SB04-336
SB04-322
SB04-315
SB04-301
SB04-294 |
Apache Software Foundation
Apache 2.0.50 |
|
Low |
SB04-343
SB04-308
SB04-273
SB04-266
SB04-259
|
Apache Software Foundation
Conectiva
Gentoo
HP
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Trustix
Apache 1.3.26‑1.3.29, 1.3.31;
OpenBSD –current, 3.4, 3.5 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343
SB04-329
SB04-315
SB04-308
SB04-294
SB04-189
SB04-175 |
Apache Software Foundation
Gentoo
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Tinysofa
Trustix
Apache 1.3-2.0.49 |
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow
CVE Name:
CAN-2004-0488
|
Low/High
(High if arbitrary code can be executed)
|
SB04-294
SB04-147 |
Apache Software Foundation
Apache 2.0.49 (Win32) with PHP 5.0.0 RC2 |
Apache Can Be Crashed By PHP Code |
Low |
SB04-231 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 1.3.31 |
|
High |
SB04-350
SB04-336
SB04-329
SB04-315
SB04-301 |
Apache Software Foundation
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7 –dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22- 1.3.29 |
|
Medium |
SB04-077 |
Apache Software Foundation
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.49 |
Apache mod_disk_cache Module Client Authentication Credential Disclosure |
Medium |
SB04-091 |
Apache Software Foundation
Apache 2.0.51 |
Apache Satisfy Directive Access Control Bypass
CVE Name:
CAN-2004-0811
|
Medium |
SB04-308
SB04-273 |
Apache Software Foundation
Gregory Trubetskoy mod_python 2.7-2.7.8, 3.0-3.0.3 |
Apache mod_python Module Remote Denial of Service
CVE Name:
CAN-2003-0973
|
Low |
SB04-119 |
Apache Software Foundation
Mod_perl version 1.99_09 with Apache 2.0.47 |
Apache mod_perl Module File Descriptor Leakage |
Medium |
CyberNotes-2004-02 |
Apache Software Foundation
PHP 4.2.x, 4.3.x; running with Apache 2.0.x |
Apache ‘mod_php’ Module Information Disclosure |
Medium |
CyberNotes-2004-01 |
Apache-ssl.org
Apache-SSL 1.3.28+ 1.52 & prior |
Apache-SSL Client Certificate Forging |
Medium |
SB04-058 |
Apple Computer
Panther 10.3.4 - Internet Connect 1.3 |
Apple 'Internet Connect.app' Uses an Unsafe Temporary File That Lets Local Users Gain Root Privileges |
Medium |
SB04-217 |
Apple Computer Inc
OS X 10.3-10.3.3
|
Apple Mac OS X help system may interpret inappropriate local script files
CAN-2004-0486
|
High |
SB04-147 |
| Apple Computer Inc.
Apple Macintosh OS X |
|
High |
SB04-147 |
Apple
iCal 1.5.3 |
Apple iCal Calendar Import Alarm Notification Failure
CVE Name:
CAN-2004-1021
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-336 |
Apple
iChat 1.0.1, AV 2.0, 2.1 |
|
High |
SB04-266 |
Apple
Mac OS X 10.0- 10.0.4, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2, Mac OS X Server 10.0, 10.2- 10.2.8, 10.3- 10.3.2 |
MacOSX Buffer Overflow
CVE Name:
CAN-2003-1006 |
High |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X ASN.1 Decoding Unspecified Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X ‘fs_usage’ Elevated Privileges |
Medium |
CyberNotes-2004-01 |
Apple
Mac OS X 10.2.8, 10.3.2, Mac OS X Server 10.2.8, 10.3.2 |
MacOS X AppleFile Server Unspecified |
Low |
CyberNotes-2004-01 |
Apple
MacOS X, MacOS X Server, Darwin |
MacOS X SecurityServer Daemon Denial of Service |
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
| Apple
Mac OS X 10.2.8, 10.3.4, OS X Server 10.2.8, 10.3.4 |
|
High/Medium
(Medium if elevated privileges can be obtained)
|
SB04-245
SB04-175 |
| Apple
Mac OS X 10.3-10.3.3, Mac OS X Server 10.3-10.3.3
|
Mac OS X Multiple Security Vulnerabilities
|
Not Specified |
SB04-175
SB04-161 |
Apple
Darwin Streaming Server 4.1.3, Darwin Streaming Server 4.1.3 |
Quick Time/ Darwin Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-0169
|
Low |
SB04-077 |
Apple
Darwin
Streaming Server 5.0.1 on Mac OS X 10.2.8 or 10.3.6 Server |
Apple Darwin Streaming Server DESCRIBE Null Byte Denial of Service
CVE Name:
CAN-2004-1123
|
Low |
SB04-350 |
Apple
Mac OS X 10.0 3, 10.0- 10.0.4, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2 |
Mac OS X Apple Filing Protocol Client Multiple Vulnerabilities |
Medium |
SB04-077 |
Apple
Mac OS X 10.2- 10.2.8, 10.3- 10.3.3, Mac OS X Server 10.2- 10.2.8, 10.3- 10.3.3 |
|
Medium |
SB04-133 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Apache File Handlers Bypass & Directly Access
CVE Name:
CAN-2004-1084 |
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Apache on Apple HFS+ '.DS_Store' Files Disclosure
CVE Name:
CAN-2004-1083
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple AppKit Secure Input
CVE Name:
CAN-2004-1081 |
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Client
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Cyrus IMAP Server Remote Mailbox Access
CVE Name:
CAN-2004-1089
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Server |
Apple Apache mod_digest_apple Authentication Credentials Replay
CVE Name:
CAN-2004-1082
|
Medium |
SB04-343 |
Apple
Mac OS X 10.2.8 Server
Mac OS X 10.3.6 Server |
Apple QuickTime Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-1123 |
Low |
SB04-343 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5 |
Apple QuickTime Streaming Server Remote Denial of Service
CVE Name:
CAN-2004-0825
|
Low |
SB04-266
SB04-259 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5
|
PPPDialer Unsafe Log Files Elevated Privileges
CVE Name:
CAN-2004-0824
|
Medium |
SB04-259 |
Apple
Mac OS X 10.2.8, 10.3.4, 10.3.5 |
Apple Safari Frame Remote Arbitrary Code Execution
CVE Name:
CAN-2004-0720
|
High |
SB04-259 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Terminal Incorrect 'Secure Keyboard Entry' Status
CVE Name:
CAN-2004-1087 |
Low |
SB04-343 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple Postfix CRAM-MD5 Replay Attack
CVE Name:
CAN-2004-1088 |
Medium |
SB04-343 |
Apple
Mac OS X 10.3.6 Client
Mac OS X 10.3.6 Server |
Apple PSNormalizer Buffer Overflow
CVE Name:
CAN-2004-1086 |
High |
SB04-343 |
Apple
Mac OS X 10.3.6 Client; Mac OS X 10.3.6 Server
|
Apple HIToolbox Kiosk Mode Application Quit
CVE Name:
CAN-2004-1085
|
Low |
SB04-343 |
Apple
Mac OS X 10.3.x, 10.2.x |
Mac OS X TruBlue Environment Local Buffer Overflow
CVE Name:
CAN-2004-0089
|
High |
CyberNotes-2004-03 |
Apple
Mac OS X Server 10.0, 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2 |
Mac OS X Server Administration Service Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-091 |
Apple
MacOS X 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2,
MacOS X Server 10.1- 10.1.5, 10.2- 10.2.8, 10.3- 10.3.2
|
|
Medium |
SB04-077 |
Apple
MacOS X 10.2.8, 10.3.4, 10.3.5 |
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-252 |
Apple
MacOS X 10.2.8, 10.3.5 |
Postfix Buffer Error Remote Authentication Prevention
CVE Name:
CAN-2004-0925
|
Medium |
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5
|
|
High |
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5 |
|
Medium |
SB04-308
SB04-280 |
Apple
MacOS X 10.2.8, 10.3.5 |
NetInfo Manager Root Account Status Display
CVE Name:
CAN-2004-0924 |
Medium |
SB04-280 |
Apple
MacOS X 10.3.5 |
|
Medium |
SB04-280 |
Apple
Remote Desktop 2.0 |
Apple Remote Desktop Administrator Privilege Elevation
CVE Name:
CAN-2004-0962
|
High |
SB04-308 |
Apple
Safari 1.0 - 1.2.3 |
Apple Safari Web Browser HTML Form Status Bar Misrepresentation |
Medium |
SB04-357 |
Apple
Safari 1.2.3 |
Apple Safari Cross-Domain Dialog Box Spoofing |
Medium |
SB04-301 |
Apple
Safari 1.2.4 |
Apple Safari Open Windows Injection |
High |
SB04-357
SB04-350 |
Apple
Safari Beta 2, 1.0, 1.1 |
Safari Denial of Service
|
Low |
SB04-077 |
Apple
Safari Beta 2, 1.0-1.2.3 |
Apple Safari Web Browser Infinite Array Sort Denial of Service |
Low |
SB04-336 |
APSIS
Pound 1.5 |
Pound Remote Format String
|
High |
SB04-133 |
ARJ Software Inc.
UNARJ 2.62-2.65 |
ARJ Software UNARJ Remote Buffer Overflow
CVE Name:
CAN-2004-0947
|
High |
SB04-350
SB04-329
SB04-322 |
Astaro
Conectiva
Debian
Devil-Linux
Mandrake
RedHat
Slackware
SuSE
TurboLinux
Trustix
Linux kernel 2.4.18, 2.4.19, 2.4.21-2.4.26, 2.6-2.6.7
|
|
Medium |
SB04-189
SB04-175 |
Astaro
Astaro Security Linux 4 |
Astaro Security Linux System Information Disclosures |
Medium |
SB04-315 |
AStArt Technologies
LPRng 3.8.28 |
AStArt Technologies LPRng "lprng_certs.sh" Script Insecure Temporary File Creation |
High |
SB04-364 |
Atari
Atari800 1.3.1 & prior |
Atari800 Emulator Multiple Buffer Overflows
CVE Name:
CAN-2004-1076
|
High |
SB04-357
SB04-350
SB04-336 |
AtBas
2fax 3.04 |
AtBas 2fax expandtabs() Buffer Overflow |
High |
SB04-357
|
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, and 8.1 SP2; and prior service packs |
WebLogic Administrative Console Password Disclosure |
Medium |
SB04-259 |
| Bell Labs
Unix Seventh Edition
|
Mkdir Buffer Overflow
|
High |
SB04-161 |
Ben Yacoub Hatem
MySQL Backup Pro 1.0.5-1.0.7 |
MySQL Backup Pro Information Disclosure |
Medium |
SB04-245 |
Benchmark Design
WHM Autopilot 2.4.5 and prior |
Benchmark Designs' WHM Autopilot Backdoor Allows Plaintext Credential Leakage |
Medium |
SB04-231 |
Bharat Mediratta
Gallery 1.4.4 |
|
High |
SB04-252
SB04-245 |
Bharat Mediratta
Gallery 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1. |
Gallery Remote 'register_globals' Code Execution |
High |
CyberNotes-2004-03 |
BitWizard
mtr 0.55 through 0.65 |
BitWizard mtr 'mtr_curses_keyaction()' Function Buffer Overflow |
Medium |
SB04-350 |
| blosxom.com
Blosxom 2.0 |
Blosxom ‘Writeback’ Plug-in Cross-Site Scripting |
High |
SB04-175 |
| BNBT
BitTorrent Beta 7.5 Release 2 and prior versions
|
BNBT BitTorrent Tracker Denial Of Service |
Low/High (High if arbitrary code can be executed) |
SB04-147 |
| BNBT
cbtt75_20040515
|
CBTT Can Be Crashed By Remote Users Sending Specially Crafted HTTP Basic Authentication Headers |
Low |
SB04-147 |
Bolthole
Filter 2.6.1 |
Bolthole Filter save_embedded_address() Buffer Overflow |
High |
SB04-357
|
Botan
Botan 1.3-1.3.6 |
Botan ‘Es_Unix’ Elevated Privileges |
Medium |
CyberNotes-2004-01 |
Brad Fears
PhpCode Cabinet 0.1-0.4 |
PHPCode Cabinet Multiple Cross-Site Scripting |
High |
SB04-058 |
Brad Fears
PhpCode Cabinet 0.2-0.4 |
PHPCode Cabinet Arbitrary Code Execution |
High |
SB04-058 |
British National Corpus
SARA |
SARA Remote Buffer Overflow |
High |
SB04-245 |
BSD
csv2xml 0.5.1 |
BSD csv2xml get_csv_token() Buffer Overflow |
High |
SB04-357 |
bsd-games
bsd-games 2.9, 2.12-2.14 |
BSD-Games File Name Buffer Overflow |
Medium |
SB04-119 |
BSD
Junkie: 0.3.1 |
BSD Junkie Input Validation Holes |
High |
SB04-357 |
BSD
tnftp 20030825 |
BSD tnftp mget() Input Validation Hole |
High |
SB04-357 |
| BusyBox
Linux Utilities 1.0 pre9, Linux Utilities 1.0 pre8, Linux Utilities 1.0 pre10
|
BusyBox Local Netlink Mishandling Vulnerability |
Low |
SB04-147 |
| Caolan McNamara & Dom Lachowicz
wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0 |
|
|
SB04-343
SB04-315
SB04-266
SB04-259
SB04-203 |
Caolan McNamara
XInterceptTalk xitalk 1.1.11 |
XInterceptTalk XITalk Arbitrary Command Execution
|
Medium |
SB04-077 |
| Carl Harris
pop client 3.0 b6
|
pop client Off-By-One Overflow
|
High/Low
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
Carnegie Mellon University
Cyrus IMAP Server 2.2.9 and prior versions |
Carnegie Mellon Cyrus IMAP Server Off-by-one Overflow
CVE Name:
CAN-2004-1067 |
High |
SB04-350 |
Carnegie Mellon University
Cyrus IMSP Daemon 1.4, 1.5a6, 1.6a3, 1.7 |
Cyrus IMSP Daemon Remote Buffer Overflow |
High |
|
Carnegie Mellon University
Cyrus SASL 1.5.24, 1.5.27, 1.5.28, 2.1.9-2.1.18 |
Cyrus SASL Buffer Overflow & Input Validation
CVE Name:
CAN-2004-0884
|
|
SB04-322
SB04-294
SB04-287 |
Carsten Haitzler
imlib 1.x |
Carsten Haitzler imlib Image Decoding Integer Overflow
CVE Name:
CAN-2004-1026
CAN-2004-1025 |
High |
SB04-364
SB04-357
SB04-350
SB04-343 |
Caudium
Caudium 1.2 .x, 1.3 .x, 1.4.1, 1.4.2. 1.4.4 RC1 |
Caudium Off-by-One Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-308 |
cdp.Sourceforge.net
cdp 0.4, 0.33 |
CDP PrintTOC Function Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-119
SB04-105 |
CGIscript.NET
csFAQ |
csFAQ Path Disclosure |
Medium |
SB04-203 |
Charles Cazabon
getmail 4.0.0b10, 4.0-4.0.13, 4.1-4.1.5; Gentoo Linux 1.4 |
Getmail Privilege Escalation |
Medium |
SB04-287
SB04-280
SB04-273 |
Cherokee
Cherokee 0.x |
Cherokee Cross-Site Scripting
|
High |
CyberNotes-2004-03 |
Chris Walshaw
abc2mtex 1.6.1 |
Chris Walshaw abc2mtex process_abc() Buffer Overflow |
High |
SB04-357 |
Christoph Appel
Perl Crypt::ECB 1.1 -2, 1.1 |
Christoph Appel Perl Crypt::ECB Incorrect Block Encryption |
Medium |
SB04-357 |
Christoph Dalitz
abctab2ps 1.6.3 |
Christoph Dalitz abctab2ps Buffer Overflows |
High |
SB04-357 |
Citadel Systems
Citadel/UX 6.27 and prior versions |
Citadel/UX Format String |
High |
SB04-350 |
Citadel/UX
Citadel/UX 5.90, 5.91 |
Citadel/UX Insecure Default Permissions |
Medium |
SB04-119 |
Citadel/UX
Citadel/UX 6.23 and prior |
Citadel/UX Remote Buffer Overflow Vulnerability |
High |
SB04-217 |
Clam Anti-Virus
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68 |
Clam Anti-Virus ClamAV Arbitrary Command Execution |
High |
SB04-105 |
clamav.sourceforge.net
Clam Anti-Virus ClamAV 0.65 |
ClamAV Daemon Remote Denial of Service
|
Low |
SB04-058 |
clamav.sourceforge.net
ClamAV 0.65, 0.67 |
ClamAV RAR Archive Remote Denial of Service
|
Low |
SB04-091 |
Computer Associates
Inoculate IT 6.0 |
InoculateIT Insecure Default Installation |
Medium |
SB04-058 |
Concurrent Versions System
Caldera
Conectiva
Debian
Fedora
FreeBSD
Gentoo
Immunix
Mandrake
OpenBSD
OpenPKG
NetBSD
RedHat
SGI
Slackware
SuSE
TurboLinux
CVS 1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature);
Gentoo Linux 1.4;
NetBSD Current, 1.6-1.6.2
|
|
High |
SB04-161 |
| Concurrent Versions System
1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature)
|
|
Medium |
SB04-147 |
Concurrent Versions Systems (CVS) 1.11 |
CVS Undocumented Flag Information Disclosure
CVE Name:
CAN-2004-0778 |
Low |
SB04-301
SB04-287
SB04-273 |
CPAN WWW::Form
CPAN WWW::Form 1.12 & prior |
CPAN WWW::Form HTML Injection |
High |
CyberNotes-2004-03 |
| cPanel Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel Unauthorized Database Password Changes |
Medium |
SB04-175 |
| cPanel, Inc.
cluecentral suexec.patch
|
cPanel ‘mod_php’ suEXEC Trait
|
High |
SB04-175 |
| cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4- 6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
CPanel Perl Script Failure To Implement Taint Mode |
High |
SB04-175 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel Login Script Remote Command Execution
|
|
SB04-077 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel ‘dir’ Field Cross-Site Scripting
|
|
SB04-077 |
cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4-6.4.2, 7.0, 8.0, 9.0, 9.1 |
cPanel ‘Resetpass’ Remote Command Execution |
|
SB04-077 |
CPanel, Inc.
cPanel 9.1 |
CPanel Multiple Remote Cross-Site Scripting Vulnerabilities
|
High |
SB04-091 |
cPanel, Inc.
cPanel 9.1.0-R85 |
cPanel Multiple Module Cross-Site Scripting |
High |
SB04-105 |
| CPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4, 6.4.1, 6.4.2 STABLE_48, 6.4.2, 7.0. 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel Apache ‘mod_phpsuexec’ Options
|
High
|
SB04-161 |
| cPanel, Inc.
cPanel 5.0, 5.3, 6.0, 6.2, 6.4, 6.4.1, 6.4.2 .STABLE_48, 6.4.2, 7.0, 8.0, 9.0, 9.1 .0-R85, 9.1
|
cPanel ‘/scripts/killacct’ Script Customer Account DNS Information Deletion |
Medium |
SB04-161 |
cPanel, Inc.
cPanel 9.4.1-RELEASE-64; 9.9.1-RELEASE-3 |
cPanel Backup & FrontPage Management Remote Arbitrary File Modifications |
Medium/High
(High if root access can be obtained)
|
SB04-301
SB04-294 |
cPanel, Inc.
cPanel 9.4.1-STABLE 65 |
cPanel Truncated Password Brute Force |
Medium |
SB04-301 |
Cscope
Cscope 13.0, 15.1, 15.3-15.5 |
Cscope Insecure Temporary File Creation & #include Statement Buffer Overflow
CVE Name:
CAN-2004-0996
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-357
SB04-329 |
CVS
Caldera
Conectiva
Debian
Fedora
Gentoo
Immunix
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Slackware
SuSE
CVS 1.10.7, 1.10.8, 1.11‑1.11.6, 1.11.10, 1.11.11, 1.11.14‑1.11.16, 1.12.1, 1.12.2, 1.12.5, 1.12.7, 1.12.8; Gentoo Linux 1.4; OpenBSD –current, 3.4, 3.5; OpenPKG Current, 1.3, 2.0 |
|
Low/ High
(Low if a DoS; and High if arbitrary code can be executed)
|
SB04-287
SB04-273
SB04-175 |
cvstrac.org
CVSTrac 1.1.3 |
CVSTrac "filediff" Arbitrary Command Execution Vulnerability |
High |
SB04-231 |
D. J. Bernstein
QMail 1.03 |
QMail Remote Denial of Service |
Low |
CyberNotes-2004-02 |
dadaIMC
dadaimc 0.95-0.98.2 |
dadaIMC HTML Injection |
High |
SB04-301 |
Dan Bernstein
QMail 1.03, 1.02 |
Mail-QMTPD Buffer Overflow |
Medium |
SB04-077 |
Dans Guardian
Webmin Module prior to 0.5.9 |
Webmin Module Remote Directory Traversal |
Medium |
CyberNotes-2004-02 |
Dave McMurtrie
up-imapproxy, 1.2.2 |
Up-IMAPProxy Multiple Remote Vulnerabilities |
Low /Medium
(Medium if sensitive information can be obtained)
|
SB04-322 |
| Dave White
Dr. Cat 0.5 .0-beta
|
Dr.Cat Drcatd Multiple Local Buffer Overflows |
High |
SB04-189 |
David Collier-Brown
ssmtp 2.50.6 |
SSMTP Mail Transfer Agent Symbolic Link |
Low/ Medium
(Medium if files are corrupted or elevated privileges are obtained)
|
SB04-119 |
David Collier-Brown
ssmtp 2.50.6 |
SSMTP Mail Transfer Format String Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-133
SB04-119 |
David Giffin
xlreader 0.9.0 |
David Giffin xlreader book_format_sql() Buffer Overflow |
High |
SB04-357 |
David Lechnyr
Confirm 0.50-0.55, 0.60-0.62 |
Confirm E-Mail Header Remote Command Execution |
High |
SB04-077 |
David Stes
IPMenu Netfilter/ IPtables Rule Editor .1, Editor .2, Editor .3 |
IPMenu Unsafe 'ipmenu.log' Temporary File |
Medium |
SB04-133 |
| Debian
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
sup sup 1.8
|
|
High |
SB04-175 |
Debian
FSP Suite 2.x |
Debian FSP Vulnerabilities
CVE Names:
CAN-2004-0001
CAN-2003-1022 |
Medium/High
(High if arbitrary code can be executed) |
|
Debian
GNU/Linux unstable alias sid, GNU/Linux 3.0 |
Netpbm Temporary File
CVE Name:
CAN-2003-0924 |
Medium |
|
Debian
libapache-mod-ssl, courier (sqwebmail), mailreader |
Debian updates for libapache-mod-ssl, courier, and mailreader |
High |
SB04-217 |
Debian
telnetd 0.17 -25, 0.17 -18 |
Debian GNU/Linux Telnetd Invalid Memory Handling
CVE Name:
CAN-2004-0911
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-301
SB04-287 |
Debian
Debian GNU/Linux 3.0, Debian GNU/Linux unstable alias sid
|
Debian hpsockd Buffer Overflow Vulnerability
|
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
Debian
debmake |
|
High |
SB04-364 |
Dom Lachowicz
AbiWord 2.0.7 and prior |
Dom Lachowicz AbiWord "wv" Library Buffer Overflow |
High |
SB04-343 |
Donald R Woods
Spider 1.1 |
Spider Game Buffer Overflow |
High |
SB04-280 |
Double Precision, Inc.
Inter7 Courier-IMAP 1.6, 1.7, 2.0 .0, 2.1- 2.1.2, 2.2 .0. 2.2.1 |
|
High |
SB04-252
SB04-245 |
Doug Hanks
sudosh 1.0, 1.1, 1.2.2, 1.2.3, 1.3, 1.3.2, 1.3.4-1.3.6 |
Sudosh Shell Environment Variable Processing |
Not Specified |
SB04-308 |
Downhill Battle
Blog Torrent Preview Version 0.8 |
Downhill Battle Blog Torrent 'btdownload.php' Input Validation
|
|
SB04-343 |
ECW-Shop
ECW-Shop 5.01, 5.5 |
ECW-Shop ‘Cat’ Parameter Cross-Site Scripting |
High |
|
Eggheads Development Team
Eggdrop IRC bot 1.6.10- 1.6.15 |
Eggdrop ‘Share Mod’ Remote Sharebot Status |
High |
SB04-058 |
emil
emil 2.0.4, 2.0.5, 2.1.0-beta9 |
Emil Multiple Buffer Overflow & Format String |
High |
SB04-119
SB04-091 |
EnderUNIX SDT
Hafiye 1.0 |
Hafiye Terminal Escape Sequence |
High |
SB04-245 |
EnderUNIX SDT
Isoqlog 2.1.1, 2.2 beta
|
Isoqlog Multiple Buffer Overflows
|
High
|
SB04-161 |
EnderUNIX SDT
Spamguard 1.6
|
Spamguard Multiple Buffer Overflows
|
High |
SB04-161 |
energymech.net
EnergyMech 2.99.79 & prior |
EnergyMech ESAY Command Buffer Overflow |
Not Specified |
SB04-336 |
Epic Games, Inc.
Unreal Tournament |
|
High |
SB04-203 |
Eric Raymond
cstrings 2.x |
cstrings Insecure Temporary File Creation |
Medium |
CyberNotes-2004-02 |
Eric S. Raymond
Email Filter 0.9 .0.5, 0.9 .0.4, 0.9 .0.3, 0.92, 0.92.4, 0.92.6, 0.92.7 |
Bogofilter EMail Filter Remote Denial of Service
CVE Name:
CAN-2004-1007
|
Low |
SB04-329
SB04-315 |
Esearch
Gentoo
emerge search tool 0.3.1, 0.4-0.4.2, 0.5-0.5.3, 0.6, 0.6.1
|
Esearch eupdatedb Symbolic Link |
Medium |
SB04-189 |
eSeSIX Computer GmbH
Thintune OS 2.4.38 |
Thintune Client Multiple Vulnerabilities |
Medium |
SB04-217 |
Ethereal
Ethereal 0.x |
Ethereal: Multiple security problems
CVE Names:
CAN-2004-0633
CAN-2004-0634
CAN-2004-0635 |
Low/High
(High if arbitrary code can be executed)
|
SB04-231
SB04-203
SB04-259
SB04-231
SB04-203 |
extremail.com
eXtremail 1.0-1.0.3, 1.1- 1.1.10,
1.5 –8, 1.5 –5, 1.5, 1.5.9
|
eXtremail Authentication Bypass |
Medium |
SB04-077 |
eXtropia
WebStore (version unknown) |
eXtropia WebStore Input Validation Bug Lets Remote Users Execute Arbitrary Commands |
High |
SB04-203 |
Federico D. Sacerdoti
Ansel 2.1 |
Federico D. Sacerdoti Ansel "image" SQL Injection & Script Insertion |
High |
SB04-343 |
Federico David Sacerdoti
Ansel 1.2, 1.3, 1.4, 2.0 |
Federico David Sacerdoti Ansel Insecure Default Permissions
|
Medium |
SB04-294 |
Fedora Project
Fedora Core 1
Fedora Core 2 |
Fedora update for httpd |
Medium |
SB04-203 |
Fedora Project
Fedora Core 2 |
Fedora im-switch Insecure Temporary File Creation Vulnerability |
Medium |
SB04-203 |
fidogate.org
FIDOGATE 4.4.5-4.4.7, 4.4.9 |
FIDOGATE Input Validation |
Medium |
SB04-245 |
| Firebird
Firebird 1.0
|
Firebird Remote Database Name Buffer Overflow
|
High/Low
(High if arbitrary code can be executed)
|
SB04-161 |
Florian Heinz
Nstx IP Over DNS Utility 1.0, 1.1, beta1-beta3 |
NSTX Remote Denial of Service
|
Low |
SB04-091 |
fprobe.sourceforge.net
fprobe 1.x |
fprobe Flaw in 'Change User' Feature |
Not Specified |
SB04-273 |
Fred Dalrymple
Docbook-to-Man |
Fred Dalrymple Docbook-to-Man Insecure Temporary File Creation |
High |
SB04-364 |
Fredric Fredricson
P4DB Repository Web Interface 0.99 h-2, 2.0 1, 2.0 |
P4DB Multiple Input Validation
|
High |
SB04-133 |
Free Software Foundation
CatDoc 0.91.5 |
CatDoc XLSView Local Insecure Temporary File Creation
CVE Name:
CAN-2003-0193
|
Medium |
SB04-308 |
Free Software Foundation
rootsh prior to version 1.4.1 |
Free Software Foundation rootsh Security Bypass |
Medium |
SB04-350 |
FreeBSD
fetch |
FreeBSD fetch() Buffer Overflow |
High |
SB04-329 |
| FreeBSD
FreeBSD 4.0-RELENG, 4.8-RELENG, 4.8-RELEASE-p7, 4.8-PRERELEASE, 4.8, 4.9-RELENG, 4.9-PRERELEASE, 4.9, 4.10-RELENG, 4.10-RELEASE, 4.10, 5.2-RELENG, 5.2-RELEASE, 5.2, 5.2.1-RELEASE
|
|
Medium |
SB04-161 |
| FreeBSD
FreeBSD 4.10 –RELEASE, 5.1 –RELENG, 5.1 -RELEASE/Alpha, 5.1 -RELEASE-p5, 5.1 –RELEASE, 5.1, 5.2.1 -RELEASE
|
FreeBSD execve() Denial of Service
|
Low |
SB04-189 |
| FreeBSD
FreeBSD 4.8, 4.9, 4.10, 5.2
|
FreeBSD Linux Binary Compatibility Memory Access
CVE Name:
CAN-2004-0602
|
Medium/ Low
(Medium if sensitive information can be obtained or elevated privileges; and Low if a DoS)
|
SB04-189 |
| FreeBSD
FreeBSD 4.x
|
FreeBSD ‘jail(2)’ Routing Table Modification
CVE Name:
CAN-2004-0125
|
Medium |
SB04-175 |
FreeBSD
OpenBSD 3.x;
NetBSD 1.x;
FreeBSD 4.x, 5.x
|
|
Medium |
CyberNotes-2004-03 |
FreeBSD Project
FreeBSD Kernel |
FreeBSD Kernel Memory Disclosure
CVE Name:
CAN-2004-1066 |
Medium |
SB04-343 |
FreeBSD
SSLTelnet version 0.13-1 |
SSLTelnet Remote Format String Vulnerability
CVE Name:
CAN-2004-0640 |
High |
SB04-203 |
FreeBSD/OpenBSD
FreeBSD 4.6.2, 4.7-4.9, 5.0-5.2;
OpenBSD 3.3, 3.4
|
BSD Out-of-Sequence Packets Remote Denial of Service
CVE Name:
CAN-2004-0171
|
Low |
SB04-280
SB04-077
|
FreeBSD
FreeBSD |
|
Low |
CyberNotes-2004-03 |
FreeBSD
FreeBSD 5.1 –Release, 5.1, 5.2 –Release, 5.2 |
FreeBSD Unauthorized Jailed Process Attaching
CVE Name:
CAN-2004-0126
|
Medium |
SB04-077 |
FreeBSD
FreeBSD 5.1-Release, 5.2-Release |
FreeBSD mksnap_ffs File System Option Reset
CVE Name:
CAN-2004-0099
|
Medium |
CyberNotes-2004-03 |
FreeBSD
FreeBSD 5.2 -Release |
FreeBSD IPv6 Socket Options Information Disclosure |
Medium |
SB04-105 |
FreeBSD
FreeBSD 5.x |
|
Medium |
SB04-280 |
| FreeIPS
FreeIPS 1.0
|
FreeIPS Protected Service Remote Denial of Service
|
Low |
SB04-175 |
FreeRADIUS Server Project
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3. 1.0 |
|
Low |
SB04-322
SB04-308
SB04-287
SB04-273 |
F-Secure
Anti-Virus For Linux 4.52 |
Anti-Virus For Linux Unspecified Scanner Bypass |
Medium |
SB04-077 |
F-Secure
SSH Server 3.0.0- 3.0.9,
3.1 .0
|
F-Secure SSH Server Policy Evasion
|
Medium |
SB04-077 |
fte.sourceforge.net
fte text editor 0.49.13 |
FTE Multiple Local Unspecified Buffer Overflow
CVE Name:
CAN-2003-0648
|
Low/High
(High if arbitrary code can be executed)
|
SB04-105 |
Fujitsu
Fujitsu ServerView 3.0 |
|