Vulnerabilities > Openpkg > Medium

DATE CVE VULNERABILITY TITLE RISK

2005-02-09 CVE-2004-0957
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
Risk: 6.8

2005-01-27 CVE-2004-0918 Resource Management Errors vulnerability in multiple products
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
network, low complexity
openpkg, squid, gentoo, redhat, trustix, ubuntu; CWE-399
Risk: 5.0

2004-08-06 CVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
network, low complexity
cvs, openpkg, sgi, gentoo, openbsd
Risk: 5.0

2004-05-05 CVE-2004-1997
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
local, low complexity
kolab, openpkg
Risk: 4.6

2003-08-27 CVE-2003-0615 Cross-Site Scripting vulnerability in CGI.pm Start_Form
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
Risk: 4.3

2003-03-31 CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
network, low complexity
openpkg, openssl, stunnel
Risk: 5.0