Summary
Detail | |||
---|---|---|---|
Vendor | Conectiva | First view | 2004-08-06 |
Product | Linux | Last view | 2005-12-31 |
Version | 10.0 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:conectiva:linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
2.1 | 2005-05-02 | CVE-2005-0207 | Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. |
7.5 | 2005-04-22 | CVE-2005-0754 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. |
5 | 2005-04-14 | CVE-2005-1043 | exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
7.2 | 2005-03-27 | CVE-2005-0750 | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. |
2.1 | 2005-03-09 | CVE-2005-0736 | Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. |
7.5 | 2005-03-08 | CVE-2005-0699 | Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. |
9.3 | 2005-03-01 | CVE-2004-1029 | The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. |
5 | 2005-01-27 | CVE-2004-0930 | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. |
10 | 2005-01-27 | CVE-2004-0903 | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. |
10 | 2005-01-27 | CVE-2004-0902 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. |
7.2 | 2005-01-27 | CVE-2004-0884 | The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. |
10 | 2005-01-27 | CVE-2004-0882 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. |
10 | 2005-01-10 | CVE-2004-1013 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. |
10 | 2005-01-10 | CVE-2004-1012 | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. |
10 | 2005-01-10 | CVE-2004-1011 | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. |
10 | 2004-12-31 | CVE-2004-0904 | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. |
7.5 | 2004-12-31 | CVE-2004-0817 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
5.1 | 2004-12-31 | CVE-2004-0802 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
7.2 | 2004-12-23 | CVE-2004-1337 | The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges. |
7.5 | 2004-12-21 | CVE-2004-1307 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. |
5 | 2004-12-15 | CVE-2004-1145 | Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-399 | Resource Management Errors |
25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
25% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
15761 | KDE Kommander Dialog Action Arbitrary Script Execution |
15630 | PHP EXIF Header Large IFD Nesting Level DoS |
15214 | Linux Kernel NFS Client O_DIRECT DoS |
15084 | Linux Kernel bluez_sock_create() Local Underflow |
14777 | Linux Kernel sys_epoll_wait() Function Local Overflow |
14612 | Ethereal 3GPP2 A11 Dissector dissect_a11_radius() Function Overflow |
12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
12604 | Linux Security Modules Running Processes Privilege Escalation |
12556 | LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow |
12512 | KDE Konqueror Restricted Class Access Java Sandbox Bypass |
12383 | Ethereal Malformed SMB Packet DoS |
12380 | Ethereal DICOM Dissector DoS |
12098 | Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow |
12097 | Cyrus IMAP Server Partial Command Argument Parser Remote Overflow |
12096 | Cyrus IMAP Server IMAPMAGICPLUS Option Pre-Authentication Remote Overflow |
12095 | Sun Java JRE Plug-in Capability Arbitrary Package Access |
11782 | Samba QFILEPATHINFO Unicode Filename Request Handler Overflow |
11555 | Samba ms_fnmatch() Function Wildcard Matching Remote DoS |
10555 | Cyrus SASL SASL_PATH Variable Overflow |
10554 | Cyrus SASL digestmda5.c Overflow |
10528 | Mozilla Multiple Products Link non-ASCII Hostname Overflow |
10527 | Mozilla Multiple Products POP3 Response Overflow |
ExploitDB Exploits
id | Description |
---|---|
374 | SoX Local Buffer Overflow Exploiter (Via Crafted WAV File) |
OpenVAS Exploits
id | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5009547.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5010966.nasl |
2009-10-10 | Name : SLES9: Security update for Cyrus SASL File : nvt/sles9p5011031.nasl |
2009-10-10 | Name : SLES9: Security update for cyrus-sasl File : nvt/sles9p5011476.nasl |
2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5013049.nasl |
2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for samba File : nvt/sles9p5015059.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016846.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5019347.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021505.nasl |
2009-10-10 | Name : SLES9: Security update for webdav apache module File : nvt/sles9p5013988.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 114220-11 File : nvt/gb_solaris_114220_11.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.5 114219-11 File : nvt/gb_solaris_114219_11.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 109932-10 File : nvt/gb_solaris_109932_10.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.4 109931-10 File : nvt/gb_solaris_109931_10.nasl |
2009-05-05 | Name : HP-UX Update for Java Plug-In (JPI) HPSBUX01100 File : nvt/gb_hp_ux_HPSBUX01100.nasl |
2009-05-05 | Name : HP-UX Update for Java Web Start HPSBUX01214 File : nvt/gb_hp_ux_HPSBUX01214.nasl |
2009-05-05 | Name : HP-UX Update for Apache with PHP HPSBUX01090 File : nvt/gb_hp_ux_HPSBUX01090.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs) File : nvt/glsa_200501_16.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1 |
2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1 |
2014-01-10 | Microsoft Windows Bitmap width integer overflow multipacket attempt RuleID : 3634 - Type : WEB-CLIENT - Revision : 9 |
2014-01-10 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 3632 - Type : FILE-IMAGE - Revision : 25 |
2015-10-01 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 35848 - Type : FILE-IMAGE - Revision : 3 |
2014-01-10 | RADIUS ATTR_TYPE_STR overflow attempt RuleID : 3541 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS registration vendor ATTR_TYPE_STR overflow attempt RuleID : 3540 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS MSID overflow attempt RuleID : 3539 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | RADIUS registration MSID overflow attempt RuleID : 3538 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | Oracle Java Plugin security bypass RuleID : 21462 - Type : FILE-JAVA - Revision : 6 |
2014-01-10 | login buffer overflow attempt RuleID : 1842-community - Type : PROTOCOL-IMAP - Revision : 34 |
2014-01-10 | login buffer overflow attempt RuleID : 1842 - Type : PROTOCOL-IMAP - Revision : 34 |
2014-01-10 | Oracle Java Web Start malicious parameter value RuleID : 17586 - Type : FILE-JAVA - Revision : 14 |
2014-01-10 | Samba unicode filename buffer overflow attempt RuleID : 15986 - Type : SERVER-SAMBA - Revision : 8 |
2014-01-10 | Samba wildcard filename matching denial of service attempt RuleID : 15581 - Type : SERVER-SAMBA - Revision : 5 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_hplip-110812.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_hplip-110812.nasl - Type: ACT_GATHER_INFO |
2013-02-22 | Name: The remote Unix host has an application that is affected by a security bypass... File: java_jre_multiple_applet_vulnerability_unix.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-345.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2011-08-26 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_hplip-110812.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9363.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_00644f03fb5811d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_013fa252072411d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3e4ffe76e0d411d89b0a000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_92268205194711d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a711de5c05fa11d9a9b200061bc2ad93.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ac619d063ef811d98741c942c075aa41.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ba005226fb5b11d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ba13dc13340d11d9ac1b000d614f7fad.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_foomatic-filters-1436.nasl - Type: ACT_GATHER_INFO |
2007-01-08 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-406.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |