Every CVE whose affected-product data names Conectiva Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (63)
CVE-2000-0666 — CVSS 10.0 (critical): rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0902 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow…
CVE-2004-0882 — CVSS 10.0 (critical): Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via…
CVE-2004-0557 — CVSS 10.0 (critical): Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers…
CVE-2004-1013 — CVSS 10.0 (critical): The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary…
CVE-2004-1012 — CVSS 10.0 (critical): The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary…
CVE-2000-0747 — CVSS 10.0 (critical): The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-2004-1011 — CVSS 10.0 (critical): Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to…
CVE-2004-0904 — CVSS 10.0 (critical): Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before…
CVE-2004-0903 — CVSS 10.0 (critical): Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before…
CVE-2002-0083 — CVSS 9.8 (critical): Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2004-1029 — CVSS 9.3 (critical): The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly…
CVE-2003-0780 — CVSS 9.0 (critical): Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE…
CVE-2001-0439 — CVSS 7.5 (high): licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2001-0440 — CVSS 7.5 (high): Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute…
CVE-2001-0473 — CVSS 7.5 (high): Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
CVE-2001-0690 — CVSS 7.5 (high): Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote…
CVE-2004-0801 — CVSS 7.5 (high): Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute…
CVE-2004-0817 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0827 — CVSS 7.5 (high): Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2005-0373 — CVSS 7.5 (high): Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL…
CVE-2005-0699 — CVSS 7.5 (high): Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and…
CVE-2005-0754 — CVSS 7.5 (high): Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute…
CVE-2004-0884 — CVSS 7.2 (high): The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available…
CVE-2004-1337 — CVSS 7.2 (high): The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is…
CVE-2001-0128 — CVSS 7.2 (high): Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain…
CVE-2000-1134 — CVSS 7.2 (high): Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing <<…
CVE-2000-1095 — CVSS 7.2 (high): modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
CVE-2005-0750 — CVSS 7.2 (high): The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users…
CVE-2004-0495 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the…
CVE-2001-1374 — CVSS 7.2 (high): expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges…
CVE-2001-0834 — CVSS 6.4 (medium): htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate…
CVE-2004-1235 — CVSS 6.2 (medium): Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6…
CVE-2004-0802 — CVSS 5.1 (medium): Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP…
CVE-2004-0807 — CVSS 5.0 (medium): Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed…
CVE-2003-0468 — CVSS 5.0 (medium): Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email…
CVE-2003-0540 — CVSS 5.0 (medium): The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-0626 — CVSS 5.0 (medium): The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote…
CVE-2001-0136 — CVSS 5.0 (medium): Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE…
CVE-2004-0930 — CVSS 5.0 (medium): The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service…
CVE-2004-1142 — CVSS 5.0 (medium): Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1145 — CVSS 5.0 (medium): Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not…
CVE-2005-1043 — CVSS 5.0 (medium): exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2000-0668 — CVSS 5.0 (medium): pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm…
CVE-2004-1139 — CVSS 5.0 (medium): Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service…
CVE-2004-0905 — CVSS 4.6 (medium): Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform…
CVE-2000-0701 — CVSS 4.6 (medium): The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain…
CVE-2001-1375 — CVSS 4.6 (medium): tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local…
CVE-2000-0667 — CVSS 3.6 (low): Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.
CVE-2000-0715 — CVSS 2.1 (low): DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a…
CVE-2004-0535 — CVSS 2.1 (low): The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read…
CVE-2004-0554 — CVSS 2.1 (low): Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that…
CVE-2001-0178 — CVSS 2.1 (low): kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which…
CVE-2005-0736 — CVSS 2.1 (low): Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large…
CVE-2001-0170 — CVSS 2.1 (low): glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing…
CVE-2004-0497 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2005-0207 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
CVE-2000-0633 — CVSS 2.1 (low): Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.