Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-0951 | Unspecified vulnerability in HP Ignite-Ux C.6.2.241 The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2004-12-31 | CVE-2004-0826 | Remote Heap Overflow vulnerability in Mozilla Network Security Services Library Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | 7.5 |
| 2004-12-31 | CVE-2004-0821 | Unspecified vulnerability in Apple mac OS X and mac OS X Server The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. | 7.2 |
| 2004-12-31 | CVE-2004-0817 | BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2 Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. network low complexity enlightenment imagemagick sun conectiva mandrakesoft redhat suse turbolinux ubuntu | 7.5 |
| 2004-12-31 | CVE-2004-0806 | Unspecified vulnerability in Cdrtools Cdrecord 1.11/2.0 cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. | 7.2 |
| 2004-12-31 | CVE-2004-0780 | Local Buffer Overflow vulnerability in Sun Solaris UUSTAT Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument. | 7.2 |
| 2004-12-31 | CVE-2004-0638 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Oracle8I and Oracle9I Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. | 8.5 |
| 2004-12-31 | CVE-2004-0567 | Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability." | 7.5 |
| 2004-12-31 | CVE-2004-0561 | Denial-Of-Service vulnerability in University of Minnesota Gopherd 3.0.3 Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
| 2004-12-31 | CVE-2004-0560 | Denial Of Service vulnerability in University of Minnesota Gopherd 3.0.3 Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow. | 7.5 |