Total
240117 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1116 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 5.0 MEDIUM | N/A |
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. | |||||
CVE-2004-0168 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." | |||||
CVE-2004-0015 | 1 Vbox3 | 1 Vbox3 | 2024-02-04 | 7.2 HIGH | N/A |
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. | |||||
CVE-1999-0909 | 1 Microsoft | 4 Terminal Server, Windows 95, Windows 98se and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | |||||
CVE-2002-1450 | 1 Ibm | 1 U2 Universe | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. | |||||
CVE-1999-0276 | 1 Hughes | 1 Msql | 2024-02-04 | 7.5 HIGH | N/A |
mSQL v2.0.1 and below allows remote execution through a buffer overflow. | |||||
CVE-2004-1386 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 7.5 HIGH | N/A |
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. | |||||
CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | |||||
CVE-2004-0948 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. It was a duplicate assignment before public disclosure. Notes: none. | |||||
CVE-1999-0413 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. | |||||
CVE-2002-1046 | 1 Watchguard | 2 Firebox, Soho Firewall | 2024-02-04 | 5.0 MEDIUM | N/A |
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. | |||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2024-02-04 | 5.0 MEDIUM | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2003-1034 | 1 Sap | 1 Sap Db | 2024-02-04 | 4.6 MEDIUM | N/A |
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | |||||
CVE-2001-0282 | 1 Guido Frassetto | 1 Sedum | 2024-02-04 | 10.0 HIGH | N/A |
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. | |||||
CVE-2002-0076 | 3 Hp, Microsoft, Sun | 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | |||||
CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 5.0 MEDIUM | N/A |
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | |||||
CVE-2003-1390 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-02-04 | 7.5 HIGH | N/A |
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | |||||
CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2002-2253 | 1 Cyrus | 1 Libsieve | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string. |