High

DATE	CVE	VULNERABILITY TITLE	RISK
2005-01-10	CVE-2004-1072	Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. local low complexity linux redhat suse trustix turbolinux	7.2
2005-01-10	CVE-2004-1071	Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. local low complexity linux redhat suse trustix turbolinux	7.2
2005-01-10	CVE-2004-1070	Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. local low complexity linux redhat suse trustix turbolinux	7.2
2004-12-31	CVE-2004-0817	BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2 Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. network low complexity enlightenment imagemagick sun conectiva mandrakesoft redhat suse turbolinux ubuntu	7.5
2004-12-23	CVE-2004-0803	Buffer Overflow vulnerability in LibTIFF Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. network low complexity libtiff pdflib wxgtk2 apple kde mandrakesoft redhat suse trustix	7.5
2004-11-23	CVE-2004-0494	Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. network low complexity avaya redhat	7.5
2004-09-16	CVE-2004-0827	Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. network low complexity enlightenment imagemagick sun conectiva mandrakesoft redhat suse turbolinux ubuntu	7.5
2004-03-03	CVE-2004-0105	Buffer Overflow/Format String Handling vulnerability in Metamail Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. network low complexity metamail-corporation sgi redhat	7.5
2004-03-03	CVE-2004-0104	Buffer Overflow/Format String Handling vulnerability in Metamail Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. network low complexity metamail-corporation sgi redhat	7.5
2003-08-27	CVE-2003-0699	Remote Security vulnerability in Linux Advanced Work Station The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700. network low complexity redhat	7.5