Conectiva Linux vulnerabilities
60 known vulnerabilities affecting conectiva/linux.
Total CVEs
60
CISA KEV
0
Public exploits
17
Exploited in wild
0
Severity breakdown
CRITICAL15HIGH17MEDIUM18LOW10
Vulnerabilities
Page 2 of 3
CVE-2004-1307P3HIGHCVSS 7.5v9.0v10.02004-12-21
CVE-2004-1307 [HIGH] CVE-2004-1307: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remot
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
nvd
CVE-2004-0902P3CRITICALCVSS 10.0v9.0v10.02005-01-27
CVE-2004-0902 [CRITICAL] CVE-2004-0902: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII
nvd
CVE-2004-0801P3HIGHCVSS 7.5v9.0v10.02004-09-16
CVE-2004-0801 [HIGH] CVE-2004-0801: Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attacker
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
nvd
CVE-2005-0736P4LOWCVSS 2.1PoCv10.02005-03-09
CVE-2005-0736 [LOW] CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
nvd
CVE-2005-0754P4HIGHCVSS 7.5v9.0v10.02005-04-22
CVE-2005-0754 [HIGH] CVE-2005-0754: Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
nvd
CVE-2001-0439P4HIGHCVSS 7.5v4.0v4.0es+3 more2001-07-02
CVE-2001-0439 [HIGH] CVE-2001-0439: licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
nvd
CVE-2004-0817P4HIGHCVSS 7.5v9.0v10.02004-12-31
CVE-2004-0817 [HIGH] CVE-2004-0817: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execut
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
nvd
CVE-2001-0170P4LOWCVSS 2.1PoCv4.0v4.0es+7 more2001-03-26
CVE-2001-0170 [LOW] CVE-2001-0170: glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS e
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
nvd
CVE-2004-0554P4LOWCVSS 2.1PoCv8.0v9.02004-08-06
CVE-2004-0554 [LOW] CVE-2004-0554: Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash),
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
nvd
CVE-2005-0373P4HIGHCVSS 7.5v9.0v10.02004-10-07
CVE-2005-0373 [HIGH] CVE-2005-0373: Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
nvd
CVE-2004-0497P4LOWCVSS 2.1PoCv102004-12-06
CVE-2004-0497 [LOW] CVE-2004-0497: Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, suc
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
nvd
CVE-2000-0747P4CRITICALCVSS 10.0v4.1v4.2+1 more2000-10-20
CVE-2000-0747 [CRITICAL] CVE-2000-0747: The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the k
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
nvd
CVE-2004-0827P4HIGHCVSS 7.5v9.0v10.02004-09-16
CVE-2004-0827 [HIGH] CVE-2004-0827: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
nvd
CVE-2004-1145P4MEDIUMCVSS 5.0v9.0v10.02004-12-15
CVE-2004-1145 [MEDIUM] CVE-2004-1145: Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java c
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
nvd
CVE-2005-3625P4CRITICALCVSS 10.0v10.02005-12-31
CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
nvd
CVE-2004-0802P4MEDIUMCVSS 5.1v9.0v10.02004-12-31
CVE-2004-0802 [MEDIUM] CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrar
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
nvd
CVE-2004-1337P4HIGHCVSS 7.2v10.02004-12-23
CVE-2004-1337 [HIGH] CVE-2004-1337: The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the c
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
nvd
CVE-2004-0884P4HIGHCVSS 7.2v9.0v10.02005-01-27
CVE-2004-0884 [HIGH] CVE-2004-0884: The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH envi
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
nvd
CVE-2004-0495P4HIGHCVSS 7.2v8.0v9.02004-08-06
CVE-2004-0495 [HIGH] CVE-2004-0495: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
nvd
CVE-2001-1374P4HIGHCVSS 7.2v6.0v7.02001-07-19
CVE-2001-1374 [HIGH] CVE-2001-1374: expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allo
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
nvd