Vulnerabilities (CVE)

Total 260271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0763 2 Debian, Suse 2 Debian Linux, Suse Linux 2024-02-04 7.5 HIGH N/A
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
CVE-2003-0367 2 Debian, Gnu 2 Debian Linux, Gzip 2024-02-04 2.1 LOW N/A
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2002-1113 1 Mantis 1 Mantis 2024-02-04 7.5 HIGH N/A
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
CVE-2002-0697 1 Microsoft 1 Metadirectory Services 2024-02-04 10.0 HIGH N/A
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
CVE-2004-0393 1 Rlpr 1 Rlpr 2024-02-04 10.0 HIGH N/A
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.
CVE-2003-0255 1 Gnu 1 Privacy Guard 2024-02-04 10.0 HIGH N/A
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
CVE-2002-1451 1 Desiderata Software 1 Blazix 2024-02-04 5.0 MEDIUM N/A
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVE-1999-0834 1 Rsa 1 Rsaref 2024-02-04 10.0 HIGH N/A
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
CVE-2002-1427 1 Easy Scripts Archive 2 Advanced Easy Homepage Creator, Easy Homepage Creator 2024-02-04 7.5 HIGH N/A
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
CVE-2004-1372 1 Ibm 1 Db2 Universal Database 2024-02-04 7.2 HIGH N/A
Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.
CVE-2003-1316 1 Endonesia 1 Endonesia 2024-02-04 5.0 MEDIUM N/A
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2002-1859 1 Orionserver 1 Orion Application Server 2024-02-04 5.0 MEDIUM N/A
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2001-1138 1 Randy Parker 1 Power Up Html 2024-02-04 7.5 HIGH N/A
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
CVE-2003-0718 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-04 5.0 MEDIUM N/A
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
CVE-2000-0192 1 Caldera 1 Openlinux 2024-02-04 5.0 MEDIUM N/A
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.
CVE-2002-0162 1 Logwatch 1 Logwatch 2024-02-04 6.2 MEDIUM N/A
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.
CVE-2003-1516 1 Sun 1 Java Plug-in 2024-02-04 6.8 MEDIUM N/A
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
CVE-2001-1371 1 Oracle 1 Application Server 2024-02-04 7.5 HIGH N/A
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
CVE-1999-0128 5 Digital, Ibm, Linux and 2 more 9 Osf 1, Aix, Sng and 6 more 2024-02-04 5.0 MEDIUM N/A
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVE-2003-0988 1 Kde 1 Kde 2024-02-04 7.5 HIGH N/A
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.