Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Max CVSS
7.5
EPSS Score
3.53%
Published
2004-12-31
Updated
2017-08-08
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
Max CVSS
5.0
EPSS Score
5.60%
Published
2004-12-31
Updated
2008-09-05
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
Max CVSS
5.0
EPSS Score
1.56%
Published
2004-12-31
Updated
2020-07-28
Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference.
Max CVSS
5.0
EPSS Score
4.52%
Published
2004-12-31
Updated
2017-07-11
Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
Max CVSS
5.0
EPSS Score
1.69%
Published
2004-12-31
Updated
2017-07-11
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.
Max CVSS
5.0
EPSS Score
6.64%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.
Max CVSS
5.0
EPSS Score
0.48%
Published
2004-12-31
Updated
2017-10-11
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
Max CVSS
7.2
EPSS Score
0.09%
Published
2004-12-31
Updated
2021-02-02
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Max CVSS
7.5
EPSS Score
96.85%
Published
2004-12-23
Updated
2021-07-23
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Max CVSS
7.5
EPSS Score
30.47%
Published
2004-10-20
Updated
2023-08-11
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
19.35%
Published
2004-10-20
Updated
2024-02-02
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
Max CVSS
5.0
EPSS Score
5.66%
Published
2004-10-20
Updated
2022-09-23
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
Max CVSS
5.0
EPSS Score
1.24%
Published
2004-07-27
Updated
2018-10-30
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.05%
Published
2004-09-28
Updated
2021-02-02
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
21.40%
Published
2004-09-28
Updated
2024-02-02
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Max CVSS
10.0
EPSS Score
95.50%
Published
2004-11-03
Updated
2020-04-09
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
Max CVSS
5.0
EPSS Score
0.96%
Published
2004-08-18
Updated
2017-10-11
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
Max CVSS
7.5
EPSS Score
57.48%
Published
2004-07-07
Updated
2022-09-23
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-09-28
Updated
2024-01-09
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
Max CVSS
10.0
EPSS Score
93.35%
Published
2004-08-06
Updated
2018-05-03
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Max CVSS
7.5
EPSS Score
1.90%
Published
2004-07-07
Updated
2020-10-09
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
Max CVSS
10.0
EPSS Score
90.89%
Published
2004-05-04
Updated
2017-10-11
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
Max CVSS
5.0
EPSS Score
4.55%
Published
2004-11-23
Updated
2017-07-11
Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter.
Max CVSS
10.0
EPSS Score
0.91%
Published
2004-11-23
Updated
2017-07-11
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
46.29%
Published
2004-06-01
Updated
2018-10-12
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!