2004 CVE Vulnerabilities
2,707 CVEs published in 2004.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2004-0213 | HIGH | 7.8 | 21.3% | Aug 6, 2004 | Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which all... |
| CVE-2004-0212 | — | — | 67.0% | Aug 6, 2004 | Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, al... |
| CVE-2004-0210 | HIGH | 7.8 | 7.6% | Aug 6, 2004 | The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain pa... |
| CVE-2004-0205 | — | — | 24.5% | Aug 6, 2004 | Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the ... |
| CVE-2004-0204 | — | — | 73.0% | Aug 6, 2004 | Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterpri... |
| CVE-2004-0202 | — | — | 26.2% | Aug 6, 2004 | IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2... |
| CVE-2004-0201 | — | — | 45.1% | Aug 6, 2004 | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP,... |
| CVE-2004-0137 | — | — | 0.3% | Aug 6, 2004 | Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system pan... |
| CVE-2004-0136 | — | — | 0.4% | Aug 6, 2004 | The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system cra... |
| CVE-2004-0135 | — | — | 0.3% | Aug 6, 2004 | The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and wr... |
| CVE-2004-0125 | — | — | 0.3% | Aug 6, 2004 | The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables ori... |
| CVE-2004-1710 | — | — | 2.1% | Aug 6, 2004 | page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. |
| CVE-2004-1711 | — | — | 1.3% | Aug 6, 2004 | Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary we... |
| CVE-2004-1712 | — | — | 0.9% | Aug 6, 2004 | Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name ... |
| CVE-2004-0641 | — | — | 2.6% | Aug 5, 2004 | Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP I... |
| CVE-2004-1365 | — | — | 7.4% | Aug 4, 2004 | Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local... |
| CVE-2004-1364 | — | — | 13.8% | Aug 4, 2004 | Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries ... |
| CVE-2004-1371 | — | — | 10.8% | Aug 4, 2004 | Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in t... |
| CVE-2004-1709 | — | — | 0.3% | Aug 4, 2004 | Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token... |
| CVE-2004-1367 | — | — | 7.3% | Aug 4, 2004 | Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP o... |
| CVE-2004-1370 | — | — | 3.9% | Aug 4, 2004 | Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remo... |
| CVE-2004-1679 | — | — | 1.7% | Aug 4, 2004 | Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (trip... |
| CVE-2004-1368 | — | — | 5.6% | Aug 4, 2004 | ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname i... |
| CVE-2004-1366 | — | — | 15.5% | Aug 4, 2004 | Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.propertie... |
| CVE-2004-1369 | — | — | 5.6% | Aug 4, 2004 | The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed ser... |
Check if your code is affected by 2004 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now