CVSS: 10.0EPSS: 10%CPEs: 9EXPL: 2CVE-2004-0084 – XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0084
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. Desbordamiento de búfer en la función ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la función CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar código arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106. • https://www.exploit-db.com/exploits/23690 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 http://marc.info/?l=bugtraq&m=107662833512775&w=2 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 http://www.debian.org/security/2004/dsa-443 http://www.idefense.com/application/poi/display? •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 2CVE-2004-0083 – XFree86 4.3 - Font Information File Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0083
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. Desbordamiento de búfer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar código arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN-2004-0084 y CAN-2004-0106. • https://www.exploit-db.com/exploits/23682 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 http://marc.info/?l=bugtraq&m=107644835523678&w=2 http://marc.info/?l=bugtraq&m=107653324115914&w=2 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://sunsolve.sun.com/search/document.do? •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1082
https://notcve.org/view.php?id=CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.ciac.org/ciac/bulletins/p-049.shtml http://www.securityfocus.com/bid/9571 http://www.securitytracker.com/alerts/2004/Dec/1012414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 1CVE-2003-1366 – OpenBSD 2.x/3.x - CHPass Temporary File Link File Content Revealing
https://notcve.org/view.php?id=CVE-2003-1366
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. • https://www.exploit-db.com/exploits/22210 http://securityreason.com/securityalert/3238 http://www.epita.fr/~bevand_m/asa/asa-0001 http://www.securityfocus.com/archive/1/309962 http://www.securityfocus.com/bid/6748 http://www.securitytracker.com/id?1006035 https://exchange.xforce.ibmcloud.com/vulnerabilities/11233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0CVE-2003-1562
https://notcve.org/view.php?id=CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747 http://www.securityfocus.com/archive/1/320153 http://www.securityfocus.com/archive/1/320302 http://www.securityfocus.com/archive/1/320440 http://www.securityfocus.com/bid/7482 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •