Total
254124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0132 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. | |||||
| CVE-2001-0003 | 1 Microsoft | 4 Office, Windows 2000, Windows Me and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. | |||||
| CVE-2003-0815 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | |||||
| CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
| CVE-2004-0318 | 1 Platform | 1 Lsf | 2024-02-04 | 10.0 HIGH | N/A |
| Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges. | |||||
| CVE-2002-0084 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. | |||||
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2024-02-04 | 10.0 HIGH | N/A |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. | |||||
| CVE-2000-0267 | 1 Cisco | 1 Catos | 2024-02-04 | 4.6 MEDIUM | N/A |
| Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. | |||||
| CVE-2001-0623 | 1 Sendfile | 1 Sendfile | 2024-02-04 | 4.6 MEDIUM | N/A |
| sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. | |||||
| CVE-2002-2014 | 1 Ibm | 1 Lotus Domino | 2024-02-04 | 5.0 MEDIUM | N/A |
| Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2024-02-04 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0985 | 1 Nevis Systems | 1 All-mail | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command. | |||||
| CVE-2002-0632 | 1 Sgi | 1 Irix | 2024-02-04 | 5.0 MEDIUM | N/A |
| Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. | |||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2024-02-04 | 5.0 MEDIUM | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | |||||
| CVE-2004-0771 | 1 Tsugio Okamoto | 1 Lha | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | |||||
| CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2024-02-04 | 7.2 HIGH | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | |||||
| CVE-2001-0232 | 1 Ibrow | 1 News Desk | 2024-02-04 | 5.0 MEDIUM | N/A |
| newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. | |||||
| CVE-2003-0066 | 1 Rxvt | 1 Rxvt | 2024-02-04 | 7.5 HIGH | N/A |
| The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2002-0660 | 1 Greg Roelofs | 2 Libpng, Libpng3 | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. | |||||