Vulnerabilities > Gentoo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-03-01 | CVE-2004-1034 | Remote Buffer Overflow vulnerability in Kaffeine Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file. | 10.0 |
| 2005-03-01 | CVE-2004-1033 | Local vulnerability in Fcron FCronTab/FCronSighUp Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. | 2.1 |
| 2005-03-01 | CVE-2004-1032 | fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | 2.1 |
| 2005-03-01 | CVE-2004-1031 | Local vulnerability in Fcron FCronTab/FCronSighUp fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | 7.2 |
| 2005-03-01 | CVE-2004-1030 | Local vulnerability in Fcron FCronTab/FCronSighUp fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | 2.1 |
| 2005-03-01 | CVE-2004-1029 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | 9.3 |
| 2005-03-01 | CVE-2004-0990 | Remote Integer Overflow vulnerability in GD Graphics Library Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. | 10.0 |
| 2005-03-01 | CVE-2004-0983 | Denial Of Service vulnerability in Yukihiro Matsumoto Ruby CGI Module The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | 5.0 |
| 2005-02-22 | CVE-2005-0535 | Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | 7.5 |
| 2005-02-09 | CVE-2004-0981 | Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. | 10.0 |