CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 2CVE-2004-0497 – Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0497
02 Jul 2004 — Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. Vulnerabilidad desconocida en el kernel 2.x de Linux puede permitir a usuarios locales modificar el ID de grupo de ficheros, como ficheros exportados con NFS en kernel 2.4. A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (DAC) in the chown(2) system call allow an attacker with a local account the ability to change the gr... • https://packetstorm.news/files/id/35495 •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2004-0495 – 200420kernel.txt
https://notcve.org/view.php?id=CVE-2004-0495
23 Jun 2004 — Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. Múltiples vulnerabilidades desconocidas en el kernel de Linux 2.4 y 2.6 permiten a usuarios locales ganar privilegios o acceder a memoria del kernel, como se ha encontrado mediante la herramienta de comprobación de código fuente "Sparse". A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 1CVE-2004-0554 – Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service
https://notcve.org/view.php?id=CVE-2004-0554
15 Jun 2004 — Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. El kernel de Linux 2.4.2x y 2.6.x para x86 permite a usuarios locales causar una denegación de servicio (caída del sistema), posiblemente mediante un bucle infinito que dispara un manejador de señal con una cierta secuencia de instruccion... • https://www.exploit-db.com/exploits/306 •
CVSS: 6.5EPSS: 2%CPEs: 26EXPL: 0CVE-2004-0421 – CAN-2004-0421 libpng can access out of bounds memory
https://notcve.org/view.php?id=CVE-2004-0421
03 May 2004 — The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. La librería de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegación de servicio (caída) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de límites cuando se crea el mensaje de error. Steve Gru... • http://lists.apple.com/mhonarc/security-announce/msg00056.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2004-0111
https://notcve.org/view.php?id=CVE-2004-0111
15 Apr 2004 — gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. gdk-pixbuf anteiores a 0.20 permite a atacantes causar una denegación de servicio (caída) mediante un fichero de mapa de bits (BMP) malformado. • http://www.debian.org/security/2004/dsa-464 •
CVSS: 7.5EPSS: 2%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
18 Mar 2004 — OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt •
CVSS: 7.5EPSS: 2%CPEs: 252EXPL: 0CVE-2004-0079 – Cisco Security Advisory 20040317-openssl
https://notcve.org/view.php?id=CVE-2004-0079
17 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. A Null-pointer assignment during an SSL handshake can result in a denial of... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 245EXPL: 0CVE-2004-0112 – Cisco Security Advisory 20040317-openssl
https://notcve.org/view.php?id=CVE-2004-0112
17 Mar 2004 — The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una dene... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 49%CPEs: 7EXPL: 3CVE-2004-0104 – Metamail 2.7 - Multiple Buffer Overflow / Format String Handling Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0104
19 Feb 2004 — Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. Múltiples vulnerabilidades de cadena de formato en Metamail 2.7 y anteriores permiten a atacantes remotos ejecutar código arbitrario. Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here. • https://packetstorm.news/files/id/33433 •
CVSS: 9.8EPSS: 15%CPEs: 7EXPL: 1CVE-2004-0105 – metamailBUGS.txt
https://notcve.org/view.php?id=CVE-2004-0105
19 Feb 2004 — Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. Múltiples desbordamientos de búfe en Metamail 2.7 y anteriores permiten a atacantes remtos ejecutar código arbitrario. Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here. • https://packetstorm.news/files/id/33433 •