| 2004-12-31 | CVE-2004-0817 | BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. | 7.5 |
| 2004-12-31 | CVE-2004-0802 | BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | 5.1 |
| 2004-12-23 | CVE-2004-0803 | Buffer Overflow vulnerability in LibTIFF
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | 7.5 |
| 2004-12-23 | CVE-2004-0685 | Information Disclosure vulnerability in Linux Kernel USB Driver Uninitialized Structure
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | 4.6 |
| 2004-12-15 | CVE-2004-1145 | Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. | 5.0 |
| 2004-12-06 | CVE-2004-0607 | The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. | 10.0 |
| 2004-11-23 | CVE-2004-0494 | Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | 7.5 |
| 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |
| 2004-11-23 | CVE-2004-0079 | NULL Pointer Dereference vulnerability in multiple products
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
| 2004-10-20 | CVE-2004-0750 | Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied. | 7.5 |