Vulnerabilities > Conectiva

DATE CVE VULNERABILITY TITLE RISK
2004-09-14 CVE-2004-0905 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
local
low complexity
mozilla netscape conectiva redhat suse
4.6
2004-09-13 CVE-2004-0807 Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
network
low complexity
samba sgi conectiva mandrakesoft suse
5.0
2004-08-06 CVE-2004-0557 Buffer Overflow vulnerability in SoX WAV File
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
network
low complexity
sox conectiva gentoo redhat
critical
10.0
2004-08-06 CVE-2004-0554 Local Denial Of Service vulnerability in Linux Kernel Floating Point Exception Handler
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
local
low complexity
avaya gentoo linux redhat suse conectiva
2.1
2004-08-06 CVE-2004-0535 The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. 2.1
2004-08-06 CVE-2004-0495 Device Driver vulnerability in Linux Kernel
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
local
low complexity
avaya gentoo linux redhat suse conectiva
7.2
2003-09-22 CVE-2003-0780 Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
network
low complexity
mysql oracle conectiva
critical
9.0
2003-08-27 CVE-2003-0540 Denial of Service vulnerability in Multiple Postfix
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
network
low complexity
wietse-venema conectiva
5.0
2003-08-27 CVE-2003-0468 Denial of Service vulnerability in Multiple Postfix
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
network
low complexity
wietse-venema conectiva
5.0
2002-03-15 CVE-2002-0083 Off-by-one Error vulnerability in multiple products
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
9.8