CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 2CVE-2004-2014 – WGet 1.x - Insecure File Creation Race Condition
https://notcve.org/view.php?id=CVE-2004-2014
31 Dec 2004 — Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. • https://www.exploit-db.com/exploits/24123 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2004-2459
https://notcve.org/view.php?id=CVE-2004-2459
31 Dec 2004 — Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. • http://sourceforge.net/project/shownotes.php?group_id=94176&release_id=248016 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2264
https://notcve.org/view.php?id=CVE-2004-2264
31 Dec 2004 — Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed • http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0794.html •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1453
https://notcve.org/view.php?id=CVE-2004-1453
31 Dec 2004 — GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. • http://bugs.gentoo.org/show_bug.cgi?id=59526 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2004-2531
https://notcve.org/view.php?id=CVE-2004-2531
31 Dec 2004 — X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. • http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2004-0555
https://notcve.org/view.php?id=CVE-2004-0555
31 Dec 2004 — Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code. • http://securitytracker.com/id?1012929 •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 0CVE-2004-1186
https://notcve.org/view.php?id=CVE-2004-1186
31 Dec 2004 — Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2004-1485
https://notcve.org/view.php?id=CVE-2004-1485
31 Dec 2004 — Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. • http://marc.info/?l=bugtraq&m=109882085912915&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2461
https://notcve.org/view.php?id=CVE-2004-2461
31 Dec 2004 — Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. • http://gnubiff.sourceforge.net/changelog.php •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2004-1377
https://notcve.org/view.php?id=CVE-2004-1377
27 Dec 2004 — The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. • http://secunia.com/advisories/13641 •