10.0

DATE	CVE	VULNERABILITY TITLE	RISK
2004-12-31	CVE-2004-2395	Unspecified vulnerability in Mandrakesoft products Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. local low complexity mandrakesoft	2.1
2004-12-31	CVE-2004-2394	Unspecified vulnerability in Mandrakesoft products Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. local low complexity mandrakesoft	2.1
2004-12-31	CVE-2004-2392	Multiple Unspecified vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. network low complexity mandrakesoft	5.0
2004-12-31	CVE-2004-0817	BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2 Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. network low complexity enlightenment imagemagick sun conectiva mandrakesoft redhat suse turbolinux ubuntu	7.5
2004-12-31	CVE-2004-0802	BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2 Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. network high complexity enlightenment imagemagick sun conectiva mandrakesoft redhat suse turbolinux ubuntu	5.1
2004-12-23	CVE-2004-0805	Remote Stereo Boundary Buffer Overflow vulnerability in MPG123 Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. network low complexity mpg123 mandrakesoft	7.5
2004-12-23	CVE-2004-0803	Buffer Overflow vulnerability in LibTIFF Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. network low complexity libtiff pdflib wxgtk2 apple kde mandrakesoft redhat suse trustix	7.5
2004-12-21	CVE-2004-1307	Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. network low complexity avaya f5 libtiff sgi conectiva apple gentoo mandrakesoft sco sun	7.5
2004-12-06	CVE-2004-0565	Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. local low complexity mandrakesoft gentoo linux trustix	2.1
2004-12-06	CVE-2004-0497	Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. local low complexity mandrakesoft conectiva gentoo linux redhat suse trustix	2.1