Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_linux
(Trustix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 66 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-01-10 | CVE-2004-1071 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux_advanced_workstation, Suse_linux, Secure_linux, Turbolinux_server | N/A | ||
| 2005-01-10 | CVE-2004-1070 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux_advanced_workstation, Suse_linux, Secure_linux, Turbolinux_server | N/A | ||
| 2005-01-10 | CVE-2004-1065 | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. | Openpkg, Php, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-03-01 | CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Sudo, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1019 | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | Openpkg, Php, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1013 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. | Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1012 | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. | Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1011 | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | Cyrus_imap_server, Linux, Openpkg, Fedora_core, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-03-01 | CVE-2004-0990 | Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. | Gdlib, Linux, Openpkg, Suse_linux, Secure_linux | N/A | ||
| 2005-03-01 | CVE-2004-0989 | Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. | Fedora_core, Secure_linux, Ubuntu_linux, Libxml, Libxml2, Command_line_xml_toolkit | N/A |