cbcvebase.

Conectiva Linux vulnerabilities

60 known vulnerabilities affecting conectiva/linux.

Total CVEs
60
CISA KEV
0
Public exploits
17
Exploited in wild
0
Severity breakdown
CRITICAL15HIGH17MEDIUM18LOW10

Vulnerabilities

Page 1 of 3
CVE-2003-0780P3CRITICALCVSS 9.0PoCv7.0v8.0+1 more2003-09-22
CVE-2003-0780 [CRITICAL] CVE-2003-0780: Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
nvd
CVE-2004-0557P3CRITICALCVSS 10.0PoCv8.0v9.0+1 more2004-08-06
CVE-2004-0557 [CRITICAL] CVE-2004-0557: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
nvd
CVE-2004-1029P3CRITICALCVSS 9.3PoCv10.02005-03-01
CVE-2004-1029 [CRITICAL] CWE-264 CVE-2004-1029: The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
nvd
CVE-2000-0666P3CRITICALCVSS 10.0PoCv4.0v4.0es+4 more2000-07-16
CVE-2000-0666 [CRITICAL] CVE-2000-0666: rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untruste rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
nvd
CVE-2002-0083P3CRITICALCVSS 9.8PoCv5.0v5.1+4 more2002-03-15
CVE-2002-0083 [CRITICAL] CWE-193 CVE-2002-0083: Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malic Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
nvd
CVE-2000-0844P3CRITICALCVSS 10.0PoCv4.0v4.0es+4 more2000-11-14
CVE-2000-0844 [CRITICAL] CWE-264 CVE-2000-0844: Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected fo Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
nvd
CVE-2001-0440P4HIGHCVSS 7.5PoCv4.0v4.0es+7 more2001-07-02
CVE-2001-0440 [HIGH] CVE-2001-0440: Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
nvd
CVE-2005-0750P4HIGHCVSS 7.2PoCv10.02005-03-27
CVE-2005-0750 [HIGH] CVE-2005-0750: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
nvd
CVE-2004-1235P4MEDIUMCVSS 6.2PoCv10.02005-04-14
CVE-2004-1235 [MEDIUM] CVE-2004-1235: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux ke Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
nvd
CVE-2003-0540P4MEDIUMCVSS 5.0PoCv7.0v8.02003-08-27
CVE-2003-0540 [MEDIUM] CVE-2003-0540: The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of s The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" stri
nvd
CVE-2000-0668P4MEDIUMCVSS 5.0PoCv4.0v4.0es+4 more2000-07-27
CVE-2000-0668 [MEDIUM] CVE-2000-0668: pam_console PAM module in Linux systems allows a user to access the system console and reboot the sy pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
nvd
CVE-2004-0882P3CRITICALCVSS 10.0v10.02005-01-27
CVE-2004-0882 [CRITICAL] CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote a Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
nvd
CVE-2000-1095P4HIGHCVSS 7.2PoCv5.12001-01-09
CVE-2000-1095 [HIGH] CVE-2000-1095: modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary com modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
nvd
CVE-2004-1011P3CRITICALCVSS 10.0v9.0v10.02005-01-10
CVE-2004-1011 [CRITICAL] CVE-2004-1011: Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
nvd
CVE-2004-0903P3CRITICALCVSS 10.0v9.0v10.02005-01-27
CVE-2004-0903 [CRITICAL] CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
nvd
CVE-2004-1012P3CRITICALCVSS 10.0v9.0v10.02005-01-10
CVE-2004-1012 [CRITICAL] CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote auth The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
nvd
CVE-2004-0904P3CRITICALCVSS 10.0v9.0v10.02004-12-31
CVE-2004-0904 [CRITICAL] CVE-2004-0904: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
nvd
CVE-2004-1013P3CRITICALCVSS 10.0v9.0v10.02005-01-10
CVE-2004-1013 [CRITICAL] CVE-2004-1013: The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote auth The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
nvd
CVE-2000-1134P4HIGHCVSS 7.2PoCv4.0v4.0es+4 more2001-01-09
CVE-2000-1134 [HIGH] CVE-2000-1134: Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
nvd
CVE-2005-0699P3HIGHCVSS 7.5v9.0v10.02005-03-08
CVE-2005-0699 [HIGH] CVE-2005-0699: Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (pac Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
nvd
Conectiva Linux vulnerabilities | cvebase