CVSS: 9.1EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
14 Sep 2004 — Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •
CVSS: 7.5EPSS: 9%CPEs: 27EXPL: 0CVE-2004-0807
https://notcve.org/view.php?id=CVE-2004-0807
13 Sep 2004 — Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. • ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1CVE-2004-0497 – Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0497
06 Jul 2004 — Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. Vulnerabilidad desconocida en el kernel 2.x de Linux puede permitir a usuarios locales modificar el ID de grupo de ficheros, como ficheros exportados con NFS en kernel 2.4. • https://www.exploit-db.com/exploits/718 •
CVSS: 10.0EPSS: 63%CPEs: 28EXPL: 0CVE-2004-0460
https://notcve.org/view.php?id=CVE-2004-0460
24 Jun 2004 — Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. Desbordamiento de búfer en la capacidad de registro de sucesos (logging) del demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.01rc13 permite ... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 10.0EPSS: 9%CPEs: 28EXPL: 0CVE-2004-0461
https://notcve.org/view.php?id=CVE-2004-0461
24 Jun 2004 — The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. El demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.0.1rc13, cuando se compila en entornos que no proveen la función vsnprintf, usa ficheros de inclusión de C qu... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2004-0587
https://notcve.org/view.php?id=CVE-2004-0587
23 Jun 2004 — Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. Permisos inseguros en el fichero /proc/scsi/qla2300/HbaApiNode en Linux permite a usuarios locales causar una denegación de servicio. • ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc •
CVSS: 7.1EPSS: 0%CPEs: 93EXPL: 0CVE-2004-0535
https://notcve.org/view.php?id=CVE-2004-0535
08 Jun 2004 — The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. El controlador e1000 del kernel de Linux 2.4.26 y anteriores no inicializa la memoria antes de usarla, lo que permite a usuarios locales leer porciones de la memoria del kernel. NOTA: Este problema ha sido originalmente descrito incorrectamente por otra... • ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2003-0041
https://notcve.org/view.php?id=CVE-2003-0041
01 Feb 2003 — Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. El cliente de ftp Kerberos permite a sitios FTP remotos ejecutar código arbitrario mediante un carácter de tubería (|) en un nombre de fichero que recupera el cliente • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2001
https://notcve.org/view.php?id=CVE-2002-2001
31 Dec 2002 — jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. • http://www.iss.net/security_center/static/7980.php •
CVSS: 5.5EPSS: 0%CPEs: 77EXPL: 2CVE-2002-2185
https://notcve.org/view.php?id=CVE-2002-2185
31 Dec 2002 — The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. • ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A •