CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 1CVE-2004-0497 – Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0497
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. Vulnerabilidad desconocida en el kernel 2.x de Linux puede permitir a usuarios locales modificar el ID de grupo de ficheros, como ficheros exportados con NFS en kernel 2.4. • https://www.exploit-db.com/exploits/718 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 http://www.novell.com/linux/security/advisories/2004_20_kernel.html http://www.redhat.com/support/errata/RHSA-2004-354.html http://www.redhat.com/support/errata/RHSA-2004-360.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg. •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0496
https://notcve.org/view.php?id=CVE-2004-0496
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. Multiples vulnerabilidades desconocidas en el kernel 2.6 de Linux permite a usuarios locales ganar privilegios o acceder a memoria del kernel, un grupo de vulerabilidades distinto de los identificado por CAN-2004-0495, como se ha encontrado con la herramienta de comprobación de código fuente Sparse • http://www.novell.com/linux/security/advisories/2004_20_kernel.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16625 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2004-0626
https://notcve.org/view.php?id=CVE-2004-0626
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type. La función tcp_find_option del subsistema netfilter del kernel 2.6 de Linux, cuando se usan iptables y reglas de opciones TCP, permite a atacantes remotos causar una denegación de servicio (consumición de CPU por bucle infinito) mediante una opción de longitud larga que produce un entero negativo después de una conversión de tipos a char. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 http://lwn.net/Articles/91964 http://marc.info/?l=bugtraq&m=108861141304495&w=2 http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml http://www.novell.com/linux/security/advisories/2004_20_kernel.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16554 •
CVSS: 10.0EPSS: 62%CPEs: 21EXPL: 4CVE-2004-0608 – Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-0608
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. El Motor de Unreal, usado en in DeusEx 1.112fm y anteriores, , Devastation 390 y anteriores, Mobile Forces 20000 y anteriores, Nerf Arena Blast 1.2 y anteriores, Postal 2 1337 y anteriores, Rune 107 y anteriores, Tactical Ops 3.4.0 y anteriores, Unreal 1 226f y anteriores, Unreal II XMP 7710 y anteriores, Unreal Tournament 451b y anteriores, Unreal Tournament 2003 2225 y anteriores, Unreal Tournament 2004 anteriores a 3236, Wheel of Time 333b y anteriores, and X-com Enforcer permite a atacantes remotos ejecutar código de su elección mediante un paquete UDP conteniendo una consulta segura con un valor largo, lo que sobreescribe memoria. • https://www.exploit-db.com/exploits/16848 https://www.exploit-db.com/exploits/10032 https://www.exploit-db.com/exploits/16693 http://aluigi.altervista.org/adv/unsecure-adv.txt http://marc.info/?l=bugtraq&m=108787105023304&w=2 http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml http://www.securityfocus.com/bid/10570 https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 •
CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0CVE-2004-0604
https://notcve.org/view.php?id=CVE-2004-0604
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. El cliente y servidor HTTP de giFT-FastTrack 0.8.6 y anteriores permite a atacantes remotos causar una denegación de servicio (caída), posiblemente mediante una consulta de búsqueda vacía, lo que dispara una desreferencia de puntero NULL. • http://developer.berlios.de/bugs/?func=detailbug&bug_id=1573&group_id=809 http://gift-fasttrack.berlios.de http://secunia.com/advisories/11941 http://www.gentoo.org/security/en/glsa/glsa-200406-19.xml http://www.securityfocus.com/bid/10604 https://exchange.xforce.ibmcloud.com/vulnerabilities/16508 •