Latest CVE Feed
-
4.6
MEDIUMCVE-2004-0581
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.... Read more
- EPSS Score: %0.08
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0447
Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local ... Read more
- EPSS Score: %0.04
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0659
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.... Read more
Affected Products : mplayer- EPSS Score: %4.45
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0535
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sour... Read more
Affected Products : linux_kernel suse_linux linux linux mandrake_linux mandrake_linux_corporate_server mandrake_multi_network_firewall secure_linux secure_community suse_email_server +7 more products- EPSS Score: %0.09
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0557
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.... Read more
- EPSS Score: %44.51
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0413
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an int... Read more
- EPSS Score: %10.82
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0544
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.... Read more
Affected Products : aix- EPSS Score: %0.70
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0658
Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw... Read more
Affected Products : linux_kernel- EPSS Score: %0.07
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0664
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.... Read more
Affected Products : powerportal- EPSS Score: %4.31
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0654
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).... Read more
- EPSS Score: %0.13
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0661
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thi... Read more
- EPSS Score: %1.41
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0641
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.... Read more
Affected Products : speedtouch- EPSS Score: %7.25
- Published: Aug. 05, 2004
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2004-1368
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.... Read more
- EPSS Score: %5.30
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1369
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.... Read more
- EPSS Score: %3.78
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
9.0
HIGHCVE-2004-1371
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.... Read more
- EPSS Score: %32.44
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.4
MEDIUMCVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local use... Read more
- EPSS Score: %0.38
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1679
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.... Read more
- EPSS Score: %3.89
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.... Read more
- EPSS Score: %27.66
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1370
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_... Read more
- EPSS Score: %1.81
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.... Read more
- EPSS Score: %0.30
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025