CVSS: 10.0EPSS: 20%CPEs: 38EXPL: 0CVE-2004-0904
https://notcve.org/view.php?id=CVE-2004-0904
24 Sep 2004 — Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. • http://bugzilla.mozilla.org/show_bug.cgi?id=255067 •
CVSS: 9.1EPSS: 3%CPEs: 73EXPL: 0CVE-2004-0817
https://notcve.org/view.php?id=CVE-2004-0817
17 Sep 2004 — Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870 •
CVSS: 8.8EPSS: 3%CPEs: 73EXPL: 0CVE-2004-0827
https://notcve.org/view.php?id=CVE-2004-0827
16 Sep 2004 — Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. • http://secunia.com/advisories/28800 •
CVSS: 9.6EPSS: 5%CPEs: 62EXPL: 1CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
14 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 •
CVSS: 9.8EPSS: 24%CPEs: 5EXPL: 0CVE-2004-0642
https://notcve.org/view.php?id=CVE-2004-0642
10 Sep 2004 — Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. Vulnerabilidades de liberación doble en el código de manejo de errores de ASN.1 en (1) la librería del Centro de Distribución de Claves (KDC) y (2) librería de cliente de MIT Kerberos 5 (krb5) 1.3.4 y anteriores puede permitir a atacantes remotos ejecutar código arbit... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 • CWE-415: Double Free •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2004-0643
https://notcve.org/view.php?id=CVE-2004-0643
10 Sep 2004 — Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. Vulnerabilidad de doble liberación de memoria en la función krb5_rd_cred de MIT Kerberos 5 (krb5) 1.3.1 y anteriores pueden permitir a usuarios locales ejecutar código de su elección. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2004-0494
https://notcve.org/view.php?id=CVE-2004-0494
05 Aug 2004 — Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. • http://rpmfind.net/linux/RPM/suse/9.3/i386/suse/i586/gnome-vfs-1.0.5-816.2.i586.html •
CVSS: 7.5EPSS: 37%CPEs: 12EXPL: 1CVE-2004-0633 – Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0633
08 Jul 2004 — The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. El diseccionador iSNS de Ehtereal 0.10.3 a 0.10.4 permite a atacanttes remotos causar una denegación de servicio (aborto del proceso) mediante un desbordamiento de enteros. • https://www.exploit-db.com/exploits/24259 •
CVSS: 7.5EPSS: 10%CPEs: 12EXPL: 0CVE-2004-0634
https://notcve.org/view.php?id=CVE-2004-0634
08 Jul 2004 — The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. La capacidad de "fisgar" (snoop) el SID (Security ID) de SMB (Server Message Blok) en Etheral 0.9.15 a 0.10.4 permite a atacantes remotos causar una denegación de servicio (caída del proceso) mediante un manejador sin nombre de política, lo que causa una desrefernencia nula. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 •
CVSS: 7.5EPSS: 8%CPEs: 37EXPL: 0CVE-2004-0635
https://notcve.org/view.php?id=CVE-2004-0635
08 Jul 2004 — The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read. El diseccionador SNMP de Ethereal 0.8.15 a 0.10.4 permite a atacantes remotos causar una denegación de servicio (caída del proceso) mediante cadenas de comunidad (1) malformadas o (2) inexistentes, lo que causa una lectura fuera de límites. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 •