SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Search Results

MetricIDDate
Public		Name
37.96VU#20013206/13/2003Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks
36VU#95374602/11/2003Oracle9i Database contains remotely exploitable buffer overflow in "ORACLE.EXE"
29.72VU#54297106/26/2002Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
29.72VU#80353906/26/2002Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
28.12VU#97136405/02/2003HP-UX "kermit" vulnerable to buffer overflow
27.75VU#67399304/09/2003PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"
27VU#66378602/11/2003Oracle9i Database contains remotely exploitable buffer overflow in "BFILENAME" function
27VU#74395402/11/2003Oracle9i Database contains remotely exploitable buffer overflow in "TZ_OFFSET" function
27VU#84066602/11/2003Oracle9i Database contains remotely exploitable buffer overflow in "TO_TIMESTAMP_TZ" function
26.52VU#98122202/18/2004Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
25.98VU#17688803/26/2001Linux kernel contains race condition via ptrace/procfs/execve
25.81VU#17980403/23/2004Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
25.65VU#73745107/20/2001SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
23.62VU#30115612/01/2003Linux kernel do_brk() function contains integer overflow
21.88VU#88608304/30/2001WU-FTPD does not properly handle file name globbing
21.37VU#79826309/08/2001Taylor UUCP Package fails to properly filter command line arguments
20.05VU#96087711/04/2000Red Hat linux restore uses insecure environment variables allowing root compromise
19.03VU#73833110/01/2002Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
18.87VU#15365310/31/2000Linux dump uses environment variables insecurely, allowing for root compromise
15.82VU#13402502/07/2003kernel-utils sets insecure permissions on "uml_net" utility
15.26VU#80063501/25/2002rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
14.42VU#41573403/10/2004F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus
14.4VU#22618412/16/2004Samba vulnerable to integer overflow processing file security descriptors
14.25VU#62884903/17/2003ptrace contains vulnerability allowing for local root compromise
13.53VU#49062001/05/2004Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
13.38VU#25856407/14/2003Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
12.57VU#36118109/26/2005Helix Player format string vulnerability
12.15VU#91468109/20/2005Mozilla Firefox fails to properly sanitize user-supplied URIs via shell script
11.81VU#97365406/14/2004Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
11.05VU#12400303/21/2002Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs
10.96VU#40595507/29/2002util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
10.79VU#39988307/26/2001Linux groff utility pic contains format string vulnerability
10.68VU#12189101/02/2002Buffer overflow vulnerability in grpck command line utility
10.68VU#87781101/02/2002Buffer overflow vulnerability in pwck command line utility
10.54VU#65316009/14/2004Mozilla Linux installer does not properly set file permissions
10.26VU#40509212/19/2006Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI
9.21VU#69864002/08/2001Linux kernel does not properly validate user input via sysctl for negative value
9VU#11827710/18/2000The Oracle Internet Directory LDAP (oidldapd) contains buffer overflow
8.9VU#97117906/27/2001UUCP package contains multiple buffer overflows via long string of characters sent as command line argument
8.77VU#68546103/27/2005Linux kernel Bluetooth support fails to properly bounds check "protocol" variable
8.32VU#21839504/15/2008CUPS integer overflow vulnerability
7.65VU#77372005/14/2007Samba NDR MS-RPC heap buffer overflow
7.59VU#2209103/22/2000gpm-root fails to correctly release GID 0 membership for user defined menus
7.48VU#69830211/22/2004nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"
7.43VU#26833605/14/2007Samba command injection vulnerability
7.2VU#92521105/13/2008Debian and Ubuntu OpenSSL packages contain a predictable random number generator
7.03VU#52773604/11/2001mkpasswd uses weak random number generator
6.91VU#58012407/26/2006MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls
6.73VU#68640308/31/2000ld.so fails to unset LD_PRELOAD before executing suid root programs
5.85VU#34901907/09/2001Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
5.73VU#18403007/01/2004MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function
5.73VU#23030702/25/2002Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules
5.73VU#32756009/04/2004Mozilla "send page" feature contains a buffer overflow vulnerability
5.4VU#96448801/10/2001ISC inn creates temporary files insecurely
4.5VU#57992801/10/2001diffutils sdiff creates temporary files insecurely
4.35VU#85668912/21/2005VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands
4.3VU#99503812/23/2004Debian Linux Netkit telnetd-ssl contains a format string vulnerability
3.71VU#92068903/12/2007Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function
3.64VU#42850012/19/2006Mozilla LiveConnect vulnerable to crash finalizing JS objects
3.64VU#44777212/19/2006Mozilla JavaScript Engine multiple memory corruption vulnerabilities
3.37VU#48199809/15/2004Apache vulnerable to buffer overflow when expanding environment variables
3.37VU#79702706/19/2001OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed
3.37VU#92552912/07/2006Madwifi wireless driver buffer overflow vulnerability
3.24VU#12991010/22/2004SuSe Linux LibTIFF package vulnerable to buffer overflow
3.15VU#89848011/20/2001MandrakeSoft Mandrake Linux Apache default configuration sample programs disclose server information
3.03VU#2570107/27/2000Linux gpm daemon allows arbitrary file removal
3.03VU#3584207/03/2000man 'makewhatis' insecurely uses /tmp
3VU#61090412/22/2000Oracle Internet Directory LDAP Daemon does not check write permissions properly
2.95VU#33723801/16/2004Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode
2.69VU#68156905/23/2006Linux Kernel may fail to properly handle SNMP packets
2.65VU#42645601/10/2001gpm creates temporary files insecurely
2.64VU#2414003/27/2000Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic
2.23VU#64532607/01/2004MySQL fails to properly handle overly long "scramble" values
1.82VU#24957902/10/2001klogd does not adequately handle NULL byte when parsing text using LogLine( )
1.39VU#80152602/03/2004util-linux login program discloses sensitive information
1.36VU#47108406/09/2003Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
1.35VU#72391003/31/2004MPlayer contains a buffer overflow in the HTTP parser
1.35VU#97084907/12/2007libarchive does not properly terminate loop
1.28VU#52388802/17/2005Gaim vulnerable to HTML processing denial of service
1.28VU#79581202/28/2005Gaim vulnerable to DoS via specially crafted HTML
1.28VU#83928002/17/2005Gaim vulnerable to malformed SNAC packet infinite processing loop
1.06VU#72619811/17/2004SMB filesystem read system call vulnerable to buffer overflow
1.06VU#29668112/06/2006Intel network drivers privilege escalation vulnerability
1.02VU#25302412/14/2004Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()
0.91VU#51219311/20/2007IBM Director fails to properly time-out connection requests from clients
0.63VU#11029704/12/2007Flash Player information disclosure vulnerability
0.63VU#37754409/04/2007MIT Kerberos 5 kadmind privilege escalation vulnerability
0.48VU#98113408/25/2004Linux kernel USB drivers do not initialize kernel memory properly
0.3VU#42408001/10/2001shadow-utils useradd creates temporary files insecurely
0.23VU#31269205/31/2006Shadow Utils useradd utility sets incorrect file permissions
0.21VU#91370411/20/2001MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing
0.21VU#92725611/20/2001MandrakeSoft Mandrake Linux Apache default configuration enables Perl ProxyPass server on 8200/tcp
0.18VU#45532306/17/2002Mandrake Security may make unexpected system modifications
0.1VU#11080305/23/2001CrushFTP Server does not adequately filter user input thereby permitting directory traversal
0.1VU#66414109/26/2000Debian glibc 2 symlink issue could allow arbitrary file overwriting
0.06VU#30036808/29/2006X.Org fails to check for setuid failure on Linux systems
0.03VU#24598410/19/2006The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
0VU#3404307/16/2000rpc.statd vulnerable to remote root compromise via format string stack overwrite
0VU#49396602/12/2004Libxml2 URI parsing errors in nanohttp and nanoftp
0VU#71784407/12/2006Linux kernel fails to properly handle malformed SCTP packets

If this page is empty, your search did not match any documents.

Produced 2010 by US-CERT, a government organization
Disclaimers and copyright information