Product:

Linux

(Conectiva)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 63
Date Id Summary Products Score Patch Annotated
2005-03-01 CVE-2004-1029 The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. Linux, Linux, Hp\-Ux, Java_sdk\-Rte, Jdk, Jre, Enterprise_firewall, Gateway_security_5400 N/A
2005-01-10 CVE-2004-1013 The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux N/A
2005-01-10 CVE-2004-1012 The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux N/A
2005-01-10 CVE-2004-1011 Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux N/A
2005-01-27 CVE-2004-0930 The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. Linux, Linux, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux_advanced_workstation, Samba, Samba N/A
2004-09-14 CVE-2004-0905 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. Linux, Firefox, Mozilla, Navigator, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Suse_linux N/A
2004-12-31 CVE-2004-0904 Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. Linux, Firefox, Mozilla, Thunderbird, Navigator, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation N/A
2005-01-27 CVE-2004-0903 Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. Linux, Mozilla, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Suse_linux N/A
2005-01-27 CVE-2004-0902 Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. Linux, Mozilla, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Suse_linux N/A
2005-01-27 CVE-2004-0884 The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. Linux, Sasl N/A