CVSS: 9.6EPSS: 5%CPEs: 62EXPL: 1CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
14 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 •
CVSS: 7.5EPSS: 9%CPEs: 27EXPL: 0CVE-2004-0807 – samba30x.txt
https://notcve.org/view.php?id=CVE-2004-0807
13 Sep 2004 — Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. Samba 3.0.x is susceptible to multiple denial of services bugs that can remotely crash the daemons nmbd and smbd. • ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P •
CVSS: 9.1EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0746 – wp-04-0001.txt
https://notcve.org/view.php?id=CVE-2004-0746
24 Aug 2004 — Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 2CVE-2004-0497 – Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0497
02 Jul 2004 — Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. Vulnerabilidad desconocida en el kernel 2.x de Linux puede permitir a usuarios locales modificar el ID de grupo de ficheros, como ficheros exportados con NFS en kernel 2.4. A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (DAC) in the chown(2) system call allow an attacker with a local account the ability to change the gr... • https://packetstorm.news/files/id/35495 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2004-0496 – 200420kernel.txt
https://notcve.org/view.php?id=CVE-2004-0496
02 Jul 2004 — Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. Multiples vulnerabilidades desconocidas en el kernel 2.6 de Linux permite a usuarios locales ganar privilegios o acceder a memoria del kernel, un grupo de vulerabilidades distinto de los identificado por CAN-2004-0495, como se ha encontrado con la herramienta de comprobac... • http://www.novell.com/linux/security/advisories/2004_20_kernel.html •
CVSS: 10.0EPSS: 9%CPEs: 28EXPL: 0CVE-2004-0461
https://notcve.org/view.php?id=CVE-2004-0461
24 Jun 2004 — The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. El demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.0.1rc13, cuando se compila en entornos que no proveen la función vsnprintf, usa ficheros de inclusión de C qu... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 10.0EPSS: 63%CPEs: 28EXPL: 0CVE-2004-0460
https://notcve.org/view.php?id=CVE-2004-0460
24 Jun 2004 — Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. Desbordamiento de búfer en la capacidad de registro de sucesos (logging) del demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.01rc13 permite ... • http://marc.info/?l=bugtraq&m=108795911203342&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2004-0587
https://notcve.org/view.php?id=CVE-2004-0587
23 Jun 2004 — Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. Permisos inseguros en el fichero /proc/scsi/qla2300/HbaApiNode en Linux permite a usuarios locales causar una denegación de servicio. • ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc •
CVSS: 7.1EPSS: 0%CPEs: 93EXPL: 0CVE-2004-0535 – 200420kernel.txt
https://notcve.org/view.php?id=CVE-2004-0535
08 Jun 2004 — The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. El controlador e1000 del kernel de Linux 2.4.26 y anteriores no inicializa la memoria antes de usarla, lo que permite a usuarios locales leer porciones de la memoria del kernel. NOTA: Este problema ha sido originalmente descrito incorrectamente por otra... • ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc •