LiveActive security incident?Get immediate response
CVE archive

December 2004

Browse CVE records published in December 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 298 matching CVEs · Page 3 of 6.

Unknown · CVSS Not scored

CVE-2004-1270: lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are...

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Published Dec 22, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1314: Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a...

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.

Published Dec 22, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1219: paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attacke...

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.

Published Dec 15, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1207: The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, a...

The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.

Published Dec 15, 2004 · Updated Aug 8, 2024