Total
259221 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2024-02-04 | 7.5 HIGH | N/A |
| The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques. | |||||
| CVE-2002-0246 | 1 Caldera | 1 Unixware | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. | |||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | |||||
| CVE-2000-0576 | 1 Oracle | 1 Web Listener | 2024-02-04 | 5.0 MEDIUM | N/A |
| Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL. | |||||
| CVE-2004-0638 | 1 Oracle | 2 Oracle8i, Oracle9i | 2024-02-04 | 8.5 HIGH | N/A |
| Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. | |||||
| CVE-2004-0431 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-1244 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 7.5 HIGH | N/A |
| Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." | |||||
| CVE-2000-0321 | 1 Icradius | 1 Icradius | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name. | |||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2024-02-04 | 5.0 MEDIUM | N/A |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||||
| CVE-2003-0100 | 1 Cisco | 1 Ios | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | |||||
| CVE-2000-1090 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. | |||||
| CVE-2001-0421 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 6.4 MEDIUM | N/A |
| FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. | |||||
| CVE-2000-1239 | 1 Ibm | 1 Tivoli Management Framework | 2024-02-04 | 9.0 HIGH | N/A |
| The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files. | |||||
| CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2024-02-04 | 7.2 HIGH | N/A |
| Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. | |||||
| CVE-2004-1777 | 1 Skype Technologies | 1 Skype | 2024-02-04 | 5.0 MEDIUM | N/A |
| A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | |||||
| CVE-2005-0068 | 1 Tcp | 1 Tcp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2001-0302 | 1 Pi3 | 1 Pi3web | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. | |||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2024-02-04 | 4.6 MEDIUM | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | |||||
| CVE-2004-1981 | 1 Businessobjects | 2 Crystal Enterprise, Crystal Reports | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder. | |||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.6 LOW | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||