CVE List 2003

Product
Score
Severity
Status
CVE
               
CVE Score Severity Package Description Published
CVE-2003-1604
7.8 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. May 2, 2016, 05:05 am
CVE-2003-1327
9.3 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wu-ftpd Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. December 30, 2003, 23:12 pm
CVE-2003-0854
2.1 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low fileutils ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. November 16, 2003, 23:11 pm
CVE-2003-0545
10.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. November 16, 2003, 23:11 pm
CVE-2003-0544
5.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. November 16, 2003, 23:11 pm
CVE-2003-0543
5.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. November 16, 2003, 23:11 pm
CVE-2003-0388
4.6 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. July 23, 2003, 23:07 pm
CVE-2003-0131
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." March 23, 2003, 23:03 pm
CVE-2003-0078
5.0 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." March 2, 2003, 23:03 pm
CVE-2003-0028
7.5 MV Product/Version
affected:
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High glibc Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. March 24, 2003, 23:03 pm