
CVSS: 10.0 | EPSS: 3% | CPEs: 5 | EXPL: 2

18 Mar 2004 — Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. • https://www.exploit-db.com/exploits/23771 •

CVSS: 10.0 | EPSS: 6% | CPEs: 5 | EXPL: 2

18 Mar 2004 — Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. • https://www.exploit-db.com/exploits/23772 •

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

03 Mar 2004 — The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. • http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz •

CVSS: 7.5 | EPSS: 1% | CPEs: 21 | EXPL: 0

03 Mar 2004 — Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

09 Feb 2004 — Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. • https://www.exploit-db.com/exploits/152 •

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •

CVSS: 7.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

31 Dec 2003 — Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. • https://www.exploit-db.com/exploits/26492 •

CVSS: 9.8 | EPSS: 3% | CPEs: 6 | EXPL: 0

10 Dec 2003 — Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. • http://marc.info/?l=bugtraq&m=107047470625214&w=2 •

CVSS: 7.5 | EPSS: 24% | CPEs: 12 | EXPL: 0

02 Dec 2003 — GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. • ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc •