CVE-2004-1051
https://notcve.org/view.php?id=CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=110028877431192&w=2 http://marc.info/?l=bugtraq&m=110598298225675&w=2 http://www.debian.org/security/2004/dsa-596 http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 http://www.securityfocus.com/bid/11668 http://www.sudo.ws/sudo/alerts/bash_functions.html http://www.trustix.org/errata/2004/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 https& •
CVE-2004-0983
https://notcve.org/view.php?id=CVE-2004-0983
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://www.redhat.com/support/errata/RHSA-2004-635.html http://www.securityfocus.com/bid/11618 https://exchange.xforce.ibmcloud.com/vulnerabilities/17985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 https://usn.ubuntu.com/20-1 https://access.redhat.com/security/cve/CVE-2004-0983 https://bugzilla.redhat.com/show_bug.cgi?id=1 •
CVE-2004-1007
https://notcve.org/view.php?id=CVE-2004-1007
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01 https://exchange.xforce.ibmcloud.com/vulnerabilities/17916 •
CVE-2004-0814
https://notcve.org/view.php?id=CVE-2004-0814
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. Múltiples condiciones de carrera en la capa de terminal de Linux kernel 2.4.x y 2.6.x anteriores a 2.6.9 permiten a usuarios locales obtener porciones de datos del kernel mediante una llamada ioctl TIOCSETD a una interfaz de terminal que esté siendo accedida por otro hilo, o a atacantes remotos causar una denegación de servicio (panic) cambiando de consola a disciplina de línea PPP, y enviando entonces inmediatamente datos que son recibidos durante la conmutación. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 http://marc.info/?l=bugtraq&m=110306397320336&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.redhat.com/support/errata/RHSA-2005-293.html http://www.securityfocus.com/archive/1/379005 http://www.securityfocus.com/bid/11491 http://www.securityfocus.com/bid/11492 https://bugzilla.fedora.us/show_bug.cgi? •
CVE-2004-0989 – Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0989
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. • https://www.exploit-db.com/exploits/24704 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://marc.info/?l=bugtraq&m=109880813013482&w=2 http://secunia.com/advisories/13000 http://securitytracker.com/id?1011941 http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www •