CVSS: 2.1EPSS: 0%CPEs: 55EXPL: 1CVE-2004-0554 – Linux Kernel 2.4.x/2.6.x - Assembler Inline Function Local Denial of Service
https://notcve.org/view.php?id=CVE-2004-0554
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. El kernel de Linux 2.4.2x y 2.6.x para x86 permite a usuarios locales causar una denegación de servicio (caída del sistema), posiblemente mediante un bucle infinito que dispara un manejador de señal con una cierta secuencia de instrucciones fsave y fstor, originalmente demostrado con el programa "crash.c". • https://www.exploit-db.com/exploits/306 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905 http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html http://lwn.net/Articles/91155 http://marc.info/?l=bugtraq&m=108786114032681&w=2 http://marc.info/?l=bugtraq&m=108793699910896&w=2 http://marc.info/? •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2004-0548 – Aspell (word-list-compress) - Command Line Stack Overflow
https://notcve.org/view.php?id=CVE-2004-0548
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option. Desbordamiento de búfer basado en la pila en la funcionalidad word-list-compress en compress.c de Aspell permite a usuarios locales ejecutar código arbitrario mediante una entrada larga en la lista de palabras que no se maneja adecuadamente cuando se utiliza la opción de compresión ""c"" o la opción de descompresión ""d"". • https://www.exploit-db.com/exploits/669 http://marc.info/?l=bugtraq&m=108675120224531&w=2 http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/10497 •
CVSS: 5.0EPSS: 93%CPEs: 29EXPL: 0CVE-2004-0417
https://notcve.org/view.php?id=CVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Desobordamiento de enteros en la orden de protocolo CVS "Max-dotdot" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una caída del servidor, lo que podría hacer que datos temporales permanezcan sin detectar y consumir espacio en disco. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www.mandriva.com/security/advisories?name=MDKSA-2004:058 http://www.redhat.com/support/errata/RHSA-2004-233.html https:/&#x •
CVSS: 10.0EPSS: 1%CPEs: 29EXPL: 0CVE-2004-0414
https://notcve.org/view.php?id=CVE-2004-0414
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejecución de código arbitrario. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-517 http://www.mandriva.com/security/advisories?name=MDKSA-2004: •
CVSS: 10.0EPSS: 93%CPEs: 29EXPL: 1CVE-2004-0416 – Remote CVS 1.11.15 - 'error_prog_name' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2004-0416
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Vulnerabilidad de doble liberación en la cadena error_prog_name en CVS 1.12.x a 1.12.8, y 1.11.x a 1.11.16, puede permitir a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/392 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://marc.info/?l=bugtraq&m=108716553923643&w=2 http://security.e-matters.de/advisories/092004.html http://security.gentoo.org/glsa/glsa-200406-06.xml http://www.debian.org/security/2004/dsa-519 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •