Weekly Vulnerabilities Reports > September 27 to October 3, 2004

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Debian, KDE, and Nicolas Boullis. Vulnerabilities are notably categorized as "NULL Pointer Dereference", and "Link Following".

1 reported vulnerabilities are remotely exploitables.
1 reported vulnerabilities are exploitable by an anonymous user.
Debian has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

2 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2004-09-28	CVE-2004-0458	Nicolas Boullis Debian	NULL Pointer Dereference vulnerability in multiple products mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.	7.5
2004-09-28	CVE-2004-0689	KDE Debian	Link Following vulnerability in multiple products KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.	7.1

Expand/Hide

0 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS