CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 1CVE-2004-0114 – BSD - SHMAT System Call Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0114
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. La llamada de sistema shmat en el interfaz de Memoria Compartida de Sistema V de FreeBSD 5.2 y anteriores, NetBSD 1.3 y anteriores, y OpenBSD 2.6 y anteriores, no decrementa adecuadamente un contador de referencias de segmentos de memoria compartidos cuando al función vm_map_find falla, lo que podría permitir a usuarios locales ganar acceso de lectura y escritura a una porción de memoria del kernel y ganar privilegios. • https://www.exploit-db.com/exploits/23655 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc http://marc.info/?l=bugtraq&m=107608375207601&w=2 http://www.openbsd.org/errata33.html#sysvshm http://www.osvdb.org/3836 http://www.pine.nl/press/pine-cert-20040201.txt http://www.securityfocus.com/bid/9586 https://exchange.xforce.ibmcloud.com/vulnerabilities/15061 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2004-0106
https://notcve.org/view.php?id=CVE-2004-0106
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. Múltiples vulnerabilidades desconocidas en XFree86 4.1.0 to 4.3.0 relacionadas con el manejo inapropiado de ficheros de fuentes, un grupo de vulnerabilidades diferente de CAN-2004-0083. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://www.debian.org/security/2004/dsa-443 http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.novell.com/linux/security/advisories/2004_06_xf86.html http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://w •
CVSS: 10.0EPSS: 10%CPEs: 9EXPL: 2CVE-2004-0084 – XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0084
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. Desbordamiento de búfer en la función ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la función CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar código arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106. • https://www.exploit-db.com/exploits/23690 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 http://marc.info/?l=bugtraq&m=107662833512775&w=2 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 http://www.debian.org/security/2004/dsa-443 http://www.idefense.com/application/poi/display? •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 2CVE-2004-0083 – XFree86 4.3 - Font Information File Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0083
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. Desbordamiento de búfer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar código arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN-2004-0084 y CAN-2004-0106. • https://www.exploit-db.com/exploits/23682 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 http://marc.info/?l=bugtraq&m=107644835523678&w=2 http://marc.info/?l=bugtraq&m=107653324115914&w=2 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://sunsolve.sun.com/search/document.do? •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1082
https://notcve.org/view.php?id=CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.ciac.org/ciac/bulletins/p-049.shtml http://www.securityfocus.com/bid/9571 http://www.securitytracker.com/alerts/2004/Dec/1012414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 •