Total: 253999 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | |||||
CVE-2004-0948 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. It was a duplicate assignment before public disclosure. Notes: none. | |||||
CVE-1999-0413 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. | |||||
CVE-2002-1046 | 1 Watchguard | 2 Firebox, Soho Firewall | 2024-02-04 | 5.0 MEDIUM | N/A |
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. | |||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2024-02-04 | 5.0 MEDIUM | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2003-1034 | 1 Sap | 1 Sap Db | 2024-02-04 | 4.6 MEDIUM | N/A |
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | |||||
CVE-2001-0282 | 1 Guido Frassetto | 1 Sedum | 2024-02-04 | 10.0 HIGH | N/A |
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. | |||||
CVE-2002-0076 | 3 Hp, Microsoft, Sun | 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | |||||
CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 5.0 MEDIUM | N/A |
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | |||||
CVE-2003-1390 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-02-04 | 7.5 HIGH | N/A |
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | |||||
CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2002-2253 | 1 Cyrus | 1 Libsieve | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string. | |||||
CVE-2004-1087 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2024-02-04 | 2.1 LOW | N/A |
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. | |||||
CVE-1999-0576 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. | |||||
CVE-2004-1494 | 1 Kingsoft | 1 Xdict | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service (CPU consumption or application exit) and possibly execute arbitrary code via a long string. | |||||
CVE-2002-1158 | 1 Canna | 1 Canna | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. | |||||
CVE-2002-1638 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-2153. Reason: This candidate is a duplicate of CVE-2002-2153. Notes: All CVE users should reference CVE-2002-2153 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1579 | 1 Sap | 1 Sapgui | 2024-02-04 | 5.0 MEDIUM | N/A |
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error. | |||||
CVE-2003-0934 | 1 Symbol Technologies | 1 Pdt | 2024-02-04 | 4.6 MEDIUM | N/A |
Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network. |