Debian Linux 3.0 Security Vulnerabilities
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.218 | Published: 2004-10-20
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
CVSS Score: 7.5 | EPSS Score: 0.022 | Published: 2004-09-28
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVSS Score: 7.5 | EPSS Score: 0.258 | Published: 2004-09-28
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2004-09-28
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2004-09-28
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVSS Score: 5.0 | EPSS Score: 0.12 | Published: 2004-09-16
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
CVSS Score: 10.0 | EPSS Score: 0.005 | Published: 2004-08-06
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2004-08-06
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
CVSS Score: 5.0 | EPSS Score: 0.011 | Published: 2004-08-06
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVSS Score: 5.1 | EPSS Score: 0.78 | Published: 2004-07-27

