CVE List 2004

| CVE | Score | MV Product/Version affected | Severity | Package | Description | Published |
|---|---|---|---|---|---|---|
| CVE-2004-2014 | 2.6 | CGE 6.0 | Low | wget | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | December 30, 2004, 23:12 pm |
| CVE-2004-1488 | 5.0 | CGE 6.0 | Medium | wget | wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | April 26, 2005, 23:04 pm |
| CVE-2004-1392 | 5.0 | CGE 6.0 | Medium | php | PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | December 30, 2004, 23:12 pm |
| CVE-2004-1382 | 2.1 | CGE 6.0, CGE 7.0 | Low | glibc | The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. | December 30, 2004, 23:12 pm |
| CVE-2004-1335 | 2.1 | CGE 6.0, CGE 7.0 | Low | kernel | Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. | December 14, 2004, 23:12 pm |
| CVE-2004-1333 | 2.1 | CGE 6.0, CGE 7.0 | Low | kernel | Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | December 14, 2004, 23:12 pm |
| CVE-2004-1235 | 6.2 | CGE 6.0, CGE 7.0 | Medium | intuity_audix | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | April 13, 2005, 23:04 pm |
| CVE-2004-1138 | 7.2 | CGE 6.0, CGE 7.0 | High | vim | VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | January 9, 2005, 23:01 pm |
| CVE-2004-1073 | 2.1 | CGE 6.0, CGE 7.0 | Low | kernel | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | January 9, 2005, 23:01 pm |
| CVE-2004-1065 | 10.0 | CGE 6.0, CGE 7.0 | High | openpkg | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. | January 9, 2005, 23:01 pm |
| CVE-2004-1064 | 10.0 | CGE 6.0, CGE 7.0 | High | | The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | January 9, 2005, 23:01 pm |
| CVE-2004-1063 | 10.0 | CGE 6.0, CGE 7.0 | High | | PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | January 9, 2005, 23:01 pm |
| CVE-2004-1019 | 10.0 | CGE 6.0, CGE 7.0 | High | openpkg | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | January 9, 2005, 23:01 pm |
| CVE-2004-1018 | 10.0 | CGE 6.0, CGE 7.0 | High | | Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | January 9, 2005, 23:01 pm |
| CVE-2004-1016 | 2.1 | CGE 6.0, CGE 7.0 | Low | kernel | The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition. | January 9, 2005, 23:01 pm |
| CVE-2004-0986 | 7.5 | CGE 6.0, CGE 7.0 | High | suse_iptables | Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. | February 28, 2005, 23:02 pm |
| CVE-2004-0977 | 2.1 | CGE 6.0, CGE 7.0 | Low | postgresql | The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0976 | 2.1 | CGE 6.0, CGE 7.0 | Low | perl | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0975 | 2.1 | CGE 6.0, CGE 7.0 | Low | openssl | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0974 | 2.1 | CGE 6.0, CGE 7.0 | Low | netatalk | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0972 | 2.1 | CGE 6.0, CGE 7.0 | Low | lvm | The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0971 | 2.1 | CGE 6.0, CGE 7.0 | Low | kerberos | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0969 | 2.1 | CGE 6.0, CGE 7.0 | Low | groff | The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0968 | 2.1 | CGE 6.0, CGE 7.0 | Low | glibc | The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0967 | 7.2 | CGE 6.0, CGE 7.0 | High | ghostscript | The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | February 8, 2005, 23:02 pm |
| CVE-2004-0959 | 2.1 | CGE 6.0, CGE 7.0 | Low | php | rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | November 2, 2004, 23:11 pm |
| CVE-2004-0958 | 5.0 | CGE 6.0, CGE 7.0 | Medium | php | php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | November 2, 2004, 23:11 pm |
| CVE-2004-0811 | 7.5 | CGE 6.0, CGE 7.0 | High | appache | Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | December 30, 2004, 23:12 pm |
| CVE-2004-0595 | 6.8 | CGE 6.0, CGE 7.0 | Medium | integrated_management | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | July 26, 2004, 23:07 pm |
| CVE-2004-0452 | 2.6 | CGE 6.0, CGE 7.0 | Low | perl | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | December 20, 2004, 23:12 pm |
| CVE-2004-0421 | 5.0 | CGE 6.0, CGE 7.0 | Medium | libpng | The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | August 17, 2004, 23:08 pm |
| CVE-2004-0230 | 5.0 | CGE 5.1, CGE 6.0, CGE 7.0, CGX 1.8, CGX 2.0 | Medium | tcp | TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | August 17, 2004, 23:08 pm |
| CVE-2004-0185 | 10.0 | CGE 5.1, CGE 6.0, CGE 7.0, CGX 1.8, CGX 2.0 | High | wu-ftpd | Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | March 14, 2004, 23:03 pm |
| CVE-2004-0148 | 7.2 | CGE 5.1, CGE 6.0, CGE 7.0, CGX 1.8, CGX 2.0 | High | propack | wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. | April 14, 2004, 23:04 pm |
| CVE-2004-0081 | 5.0 | CGE 5.1, CGE 6.0, CGE 7.0, CGX 1.8, CGX 2.0 | Medium | webstar | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | November 22, 2004, 23:11 pm |