Vulnerabilities (CVE)

Total 259285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1491 4 Gentoo, Kde, Opera and 1 more 4 Linux, Kde, Opera Browser and 1 more 2024-02-04 5.0 MEDIUM N/A
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVE-2004-0209 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-04 10.0 HIGH N/A
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
CVE-2002-2046 1 Xqus 1 X-news 2024-02-04 7.5 HIGH N/A
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
CVE-1999-0460 1 Linux 1 Linux Kernel 2024-02-04 2.1 LOW N/A
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
CVE-2000-0228 1 Microsoft 1 Windows Media Rights Manager 2024-02-04 5.0 MEDIUM N/A
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
CVE-2003-1098 1 Hp 1 Hp-ux 2024-02-04 7.2 HIGH N/A
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
CVE-1999-0645 2024-02-04 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The IRC service is running."
CVE-2003-0779 1 Digium 1 Asterisk 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
CVE-2003-0796 1 Sgi 1 Irix 2024-02-04 7.5 HIGH N/A
Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
CVE-1999-1072 1 Excite 1 Ews 2024-02-04 7.2 HIGH N/A
Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.
CVE-2004-1858 1 Hp 1 Web Jetadmin 2024-02-04 5.0 MEDIUM N/A
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
CVE-2000-1085 1 Microsoft 2 Data Engine, Sql Server 2024-02-04 4.6 MEDIUM N/A
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2004-1189 1 Mit 1 Kerberos 5 2024-02-04 7.2 HIGH N/A
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
CVE-1999-0947 1 An 1 An-httpd 2024-02-04 7.5 HIGH N/A
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
CVE-2003-0214 1 Debian 1 Mime-support 2024-02-04 4.6 MEDIUM N/A
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-1999-0786 1 Sun 2 Solaris, Sunos 2024-02-04 4.6 MEDIUM N/A
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
CVE-1999-0169 1 Sun 1 Nfs 2024-02-04 10.0 HIGH N/A
NFS allows attackers to read and write any file on the system by specifying a false UID.
CVE-2000-0305 2 Be, Microsoft 6 Beos, Terminal Server, Windows 2000 and 3 more 2024-02-04 7.8 HIGH N/A
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
CVE-2002-0005 1 Aol 1 Instant Messenger 2024-02-04 10.0 HIGH N/A
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
CVE-2002-0814 1 Vmware 1 Gsx Server 2024-02-04 7.5 HIGH N/A
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.