Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1174 2 Debian, Redhat 2 Shadow, Enterprise Linux 2026-04-16 N/A
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
CVE-2003-0440 3 Debian, Redhat, Semi 4 Debian Linux, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1142 7 Altlinux, Conectiva, Debian and 4 more 9 Alt Linux, Linux, Debian Linux and 6 more 2026-04-16 N/A
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1139 7 Altlinux, Conectiva, Debian and 4 more 9 Alt Linux, Linux, Debian Linux and 6 more 2026-04-16 N/A
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
CVE-2004-1076 2 Atari800, Debian 2 Atari800, Debian Linux 2026-04-16 N/A
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.
CVE-2004-1051 5 Debian, Mandrakesoft, Todd Miller and 2 more 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more 2026-04-16 N/A
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
CVE-2006-2016 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
CVE-2004-1001 1 Debian 1 Shadow 2026-04-16 N/A
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
CVE-2004-1000 1 Debian 1 Lintian 2026-04-16 N/A
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
CVE-2004-0994 2 Debian, Zgv 3 Debian Linux, Xzgv Image Viewer, Zgv Image Viewer 2026-04-16 N/A
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
CVE-2004-0981 5 Debian, Gentoo, Imagemagick and 2 more 5 Debian Linux, Linux, Imagemagick and 2 more 2026-04-16 N/A
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVE-2002-0044 3 Debian, Gnu, Redhat 3 Debian Linux, Enscript, Linux 2026-04-16 N/A
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVE-2004-0833 1 Debian 1 Debian Linux 2026-04-16 N/A
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2026-04-16 N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2004-0915 2 Debian, Viewcvs 2 Debian Linux, Viewcvs 2026-04-16 N/A
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
CVE-2004-0451 2 Debian, Sup 2 Debian Linux, Sup 2026-04-16 N/A
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
CVE-2004-0456 3 Debian, Gentoo, Pavuk 3 Debian Linux, Linux, Pavuk 2026-04-16 N/A
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
CVE-2004-0770 2 Debian, Dgen 2 Debian Linux, Emulator 2026-04-16 N/A
romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.
CVE-2004-0011 1 Debian 1 Fsp 2026-04-16 N/A
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
CVE-2003-0361 1 Debian 1 Debian Linux 2026-04-16 N/A
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.