Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2004-12-06	CVE-2004-0565	Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. local low complexity mandrakesoft gentoo linux trustix	2.1
2004-12-06	CVE-2004-0497	Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. local low complexity mandrakesoft conectiva gentoo linux redhat suse trustix	2.1
2004-12-06	CVE-2004-0496	Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. local low complexity mandrakesoft suse gentoo linux sun	7.2
2004-12-06	CVE-2004-0456	Remote Stack-Based Buffer Overrun vulnerability in Pavuk Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. network high complexity pavuk debian gentoo	7.6
2004-11-23	CVE-2004-0333	Buffer Overrun vulnerability in UUDeview MIME Archive Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. network low complexity openpkg uudeview winzip gentoo critical	10.0
2004-10-20	CVE-2004-0746	Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. network low complexity kde gentoo mandrakesoft suse	7.5
2004-09-28	CVE-2004-0500	MSN Protocol Buffer Overflow vulnerability in Gaim Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. network low complexity rob-flynn gentoo mandrakesoft	7.5
2004-08-18	CVE-2004-0432	ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. network low complexity proftpd-project gentoo trustix	7.5
2004-08-18	CVE-2004-0419	XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. network low complexity x-org xfree86-project gentoo	7.5
2004-08-18	CVE-2004-0232	Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. network low complexity midnight-commander sgi gentoo slackware	5.0