CVSS: 5.0EPSS: 0%CPEs: 245EXPL: 0CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 1CVE-2004-0217
https://notcve.org/view.php?id=CVE-2004-0217
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. La capacidad LiveUpdate de Symantec Antivirus Scan Engine 4.0 y 4.3 para Red Hat Linux permite a usuarios locales crear o añadir ficheros arbitrarios mediante un ataque de enlaces simbólicos sobre /tmp/LiveUpdate.log. • http://marc.info/?l=bugtraq&m=107694800908164&w=2 http://www.securityfocus.com/bid/9662 https://exchange.xforce.ibmcloud.com/vulnerabilities/15215 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.9EPSS: 0%CPEs: 77EXPL: 2CVE-2002-2185
https://notcve.org/view.php?id=CVE-2002-2185
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. • ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A http://online.securityfocus.com/archive/1/276968 http://secunia.com/advisories/18510 http://secunia.com/advisories/18562 http://secunia.com/advisories/18684 http://www.cs.ucsb.edu/~krishna/igmp_dos http://www.redhat.com/support/errata/RHSA-2006-0101.html http://www.redhat.com/support/errata/RHSA-2006-0140.html http://www.redhat.com/support/errata/RHSA-2006-0190.html http://www.redhat.com/support&# •
CVSS: 7.2EPSS: 0%CPEs: 28EXPL: 0CVE-2002-0062
https://notcve.org/view.php?id=CVE-2002-0062
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." El desbordamiento del búfer en ncurses 5.0, y el paquete de compatibilidad ncurses4 basado en él, permite a usuarios locales la obtención de privilegios. • http://www.debian.org/security/2002/dsa-113 http://www.iss.net/security_center/static/8222.php http://www.redhat.com/support/errata/RHSA-2002-020.html http://www.securityfocus.com/bid/2116 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •