Full List

Search

Recent Vulnerabilities

• CVE-2003-0058 • published on September 1, 2004 MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
• CVE-2003-0062 • published on September 1, 2004 Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
• CVE-2003-0068 • published on September 1, 2004 The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
• CVE-2003-0075 • published on September 1, 2004 Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
• CVE-2003-0094 • published on September 1, 2004 A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
• CVE-2003-0102 • published on September 1, 2004 Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
• CVE-2003-0079 • published on September 1, 2004 The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
• CVE-2003-0069 • published on September 1, 2004 The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
• CVE-2003-0088 • published on September 1, 2004 TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
• CVE-2003-0093 • published on September 1, 2004 The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
• CVE-2003-0097 • published on September 1, 2004 Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
• CVE-2003-0100 • published on September 1, 2004 Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
• CVE-2003-0107 • published on September 1, 2004 Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
• CVE-2003-0120 • published on September 1, 2004 adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
• CVE-2003-0124 • published on September 1, 2004 man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
• CVE-2003-0145 • published on September 1, 2004 Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
• CVE-2003-0070 • published on September 1, 2004 VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
• CVE-2003-0071 • published on September 1, 2004 The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
• CVE-2003-0077 • published on September 1, 2004 The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
• CVE-2003-0078 • published on September 1, 2004 ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."