Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0641 | 3 Immunix, Redhat, Suse | 3 Immunix, Linux, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. | |||||
| CVE-2006-0645 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2025-04-03 | 7.5 HIGH | N/A |
| Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | |||||
| CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | |||||
| CVE-2000-0390 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. | |||||
| CVE-2002-0034 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. | |||||
| CVE-2002-1413 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
| RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. | |||||
| CVE-2000-0420 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
| The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data. | |||||
| CVE-1999-0786 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
| The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. | |||||
| CVE-2006-3658 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. | |||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||
| CVE-2004-0358 | 1 Virtuasystems | 1 Virtuanews Pro | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php. | |||||
| CVE-2005-1707 | 1 Gentoo | 1 Linux Webapp-config | 2025-04-03 | 4.6 MEDIUM | N/A |
| The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. | |||||
| CVE-2005-3211 | 1 Softwin | 1 Bitdefender Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-4578 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | |||||
| CVE-2002-1789 | 1 Newsx | 1 Newsx | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function. | |||||
| CVE-2002-1799 | 1 Phprank | 1 Phprank | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter. | |||||
| CVE-2002-1239 | 1 Qnx | 1 Rtos | 2025-04-03 | 7.2 HIGH | N/A |
| QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. | |||||
| CVE-2005-1599 | 1 Kryloff Technologies | 1 Subject Search Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field. | |||||
| CVE-2005-1735 | 1 Electricmonk | 1 Proms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | |||||