CVSS: 8.8EPSS: 36%CPEs: 23EXPL: 0CVE-2004-0688 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0688
24 Sep 2004 — Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de imagen XPM malformado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 •
CVSS: 9.8EPSS: 42%CPEs: 23EXPL: 1CVE-2004-0687 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0687
24 Sep 2004 — Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código de su elección mediante una imagen XPM malfo... • https://packetstorm.news/files/id/170620 •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2004-0257
https://notcve.org/view.php?id=CVE-2004-0257
01 Sep 2004 — OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. OpenBSD 3.4 y NetBSD 1.6 y 1.6.1 permiten a atacantes remotos causar una denegación de servicio (caida) enviand un paquete IPv6 con una MTU pequeña a un puerto en escucha y a continuación un conectar TCP a ese puerto. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2004-1653
https://notcve.org/view.php?id=CVE-2004-1653
31 Aug 2004 — The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. • http://marc.info/?l=bugtraq&m=109413637313484&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2004-0819
https://notcve.org/view.php?id=CVE-2004-0819
25 Aug 2004 — The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet. • http://marc.info/?l=bugtraq&m=109345131508824&w=2 •
CVSS: 10.0EPSS: 4%CPEs: 17EXPL: 0CVE-2004-0492 – httpd mod_proxy buffer overflow
https://notcve.org/view.php?id=CVE-2004-0492
23 Jun 2004 — Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elecció... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •
CVSS: 10.0EPSS: 2%CPEs: 29EXPL: 0CVE-2004-0414
https://notcve.org/view.php?id=CVE-2004-0414
11 Jun 2004 — CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejec... • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 10.0EPSS: 93%CPEs: 29EXPL: 1CVE-2004-0416 – Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2004-0416
11 Jun 2004 — Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 78%CPEs: 29EXPL: 0CVE-2004-0418
https://notcve.org/view.php?id=CVE-2004-0418
11 Jun 2004 — serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura "fuera de límites" en un solo byte para ejecutar código arbitrario o modificar datos... • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 7.5EPSS: 88%CPEs: 29EXPL: 0CVE-2004-0417
https://notcve.org/view.php?id=CVE-2004-0417
11 Jun 2004 — Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Desobordamiento de enteros en la orden de protocolo CVS "Max-dotdot" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una caída del servidor, lo que podría hacer que datos temporales permanezca... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •