CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1895
https://notcve.org/view.php?id=CVE-2004-1895
31 Dec 2004 — YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. • http://archives.neohapsis.com/archives/bugtraq/2004-04/0058.html •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2004-1476
https://notcve.org/view.php?id=CVE-2004-1476
31 Dec 2004 — Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label. • http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2097
https://notcve.org/view.php?id=CVE-2004-2097
31 Dec 2004 — Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. • http://marc.info/?l=bugtraq&m=107461582413923&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2658
https://notcve.org/view.php?id=CVE-2004-2658
31 Dec 2004 — resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. • http://support.novell.com/techcenter/psdb/fa6c6a3e792bf79b1d85821c689ea578.html •
CVSS: 9.8EPSS: 11%CPEs: 35EXPL: 1CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
31 Dec 2004 — Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 •
CVSS: 10.0EPSS: 11%CPEs: 53EXPL: 0CVE-2004-1154
https://notcve.org/view.php?id=CVE-2004-1154
22 Dec 2004 — Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2004-1190
https://notcve.org/view.php?id=CVE-2004-1190
15 Dec 2004 — SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices. • http://secunia.com/advisories/18510 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1191
https://notcve.org/view.php?id=CVE-2004-1191
15 Dec 2004 — Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." • http://www.novell.com/linux/security/advisories/2004_42_kernel.html •
CVSS: 9.1EPSS: 2%CPEs: 61EXPL: 0CVE-2004-1145
https://notcve.org/view.php?id=CVE-2004-1145
15 Dec 2004 — Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. • http://marc.info/?l=bugtraq&m=110356286722875&w=2 •
CVSS: 10.0EPSS: 13%CPEs: 40EXPL: 0CVE-2004-0914 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0914
15 Dec 2004 — Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candida... • http://rhn.redhat.com/errata/RHSA-2004-537.html •