CVSS: 8.8EPSS: 5%CPEs: 68EXPL: 0CVE-2004-1307
https://notcve.org/view.php?id=CVE-2004-1307
21 Dec 2004 — Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html •
CVSS: 7.5EPSS: 3%CPEs: 28EXPL: 2CVE-2004-1158 – KDE Security Advisory 2004-12-13.1
https://notcve.org/view.php?id=CVE-2004-1158
10 Dec 2004 — Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. KDE Security Advisory: The Konqueror web browser allows websites to load web pages into a window or tab currently used by another website. This vulnerability is similar to the Ko... • http://marc.info/?l=bugtraq&m=110296048613575&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2004-1171
https://notcve.org/view.php?id=CVE-2004-1171
10 Dec 2004 — KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html •
CVSS: 7.5EPSS: 2%CPEs: 25EXPL: 0CVE-2004-1014
https://notcve.org/view.php?id=CVE-2004-1014
08 Dec 2004 — statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. statd en nfs-utils 1.257 y anteriores hace caso a la señal SIGPIPE, lo que permite a atacanes remotos causar una denegación de servicio (caída de proceso de servidor) mediante una conexión TCP que es terminada prematuramente. • http://cvs.sourceforge.net/viewcvs.py/nfs/nfs-utils/ChangeLog?rev=1.258&view=markup •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2004-1098
https://notcve.org/view.php?id=CVE-2004-1098
01 Dec 2004 — MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. MIMEDefang de MIME-tools 5.414 permite a atacantes remotos sortear escaner de virus mediante adjuntos en correo electrónico con virus que contengan una cadena de límite vacia en la cabecera Content-Type. • http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html •
CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2004-1051
https://notcve.org/view.php?id=CVE-2004-1051
18 Nov 2004 — sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2004-0983 – dsa-586.txt
https://notcve.org/view.php?id=CVE-2004-0983
10 Nov 2004 — The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles. • http://www.debian.org/security/2004/dsa-586 •
CVSS: 9.8EPSS: 17%CPEs: 74EXPL: 0CVE-2004-0803 – dsa-567.txt
https://notcve.org/view.php?id=CVE-2004-0803
26 Oct 2004 — Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Múltiples vulnerabilidades en los decodificadores RLE (run length encoding) de libtiff 3.6.1 y anteriores, relacionadas con desbordamientos de enteros y de búfer, permite a atacantes remotos ejecutar código arbitrario mediante ficheros TIFF. Several problems have been discovered in libtiff, the Ta... • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •
CVSS: 7.5EPSS: 11%CPEs: 75EXPL: 1CVE-2004-0886 – dsa-567.txt
https://notcve.org/view.php?id=CVE-2004-0886
26 Oct 2004 — Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2004-0834
https://notcve.org/view.php?id=CVE-2004-0834
20 Oct 2004 — Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. Vulnerabilidad de cadena de formato en Speedtouch USB driver anteriores a 1.3.1 permite a usuarios locales ejecutar código de su elección mediante modem_run pppoa2, o pppoa3 • http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734 •