LiveActive security incident?Get immediate response
CVE archive

April 2004

Browse CVE records published in April 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 37 of 87 matching CVEs · Page 2 of 2.

Unknown · CVSS Not scored

CVE-2004-0385: Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9...

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

Published Apr 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0380: The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote...

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

Published Apr 6, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0155: The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but...

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

Published Apr 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0184: Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a d...

Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Published Apr 6, 2004 · Updated Aug 8, 2024