LiveActive security incident?Get immediate response
CVE archive

November 2004

Browse CVE records published in November 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 31 of 131 matching CVEs · Page 3 of 3.

Unknown · CVSS Not scored

CVE-2004-1038: A design error in the IEEE1394 specification allows attackers with physical access to a device to read and...

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.

Published Nov 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0932: McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 Oct...

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published Nov 19, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0933: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gate...

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published Nov 19, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0564: Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allo...

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.

Published Nov 19, 2004 · Updated Aug 8, 2024