Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2288 | 1 Avahi | 1 Avahi | 2018-08-13 | 3.6 LOW | N/A |
| Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. | |||||
| CVE-2006-2289 | 1 Avahi | 1 Avahi | 2018-08-13 | 2.1 LOW | N/A |
| Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3107 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | |||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2018-08-13 | 10.0 HIGH | N/A |
| Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | |||||
| CVE-2005-1395 | 1 Swlink | 1 Ce Ceterm | 2018-08-13 | 7.2 HIGH | N/A |
| Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument. | |||||
| CVE-2005-1574 | 1 Microsoft | 1 Windows Media Player | 2018-08-13 | 7.5 HIGH | N/A |
| Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. | |||||
| CVE-2005-1907 | 1 Microsoft | 1 Isa Server | 2018-08-13 | 5.0 MEDIUM | N/A |
| The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. | |||||
| CVE-2005-3105 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | |||||
| CVE-2005-2682 | 1 Dtlink | 1 Areaedit | 2018-08-13 | 7.5 HIGH | N/A |
| aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable). | |||||
| CVE-2005-1396 | 1 Swlink | 1 Ce Ceterm | 2018-08-13 | 1.2 LOW | N/A |
| Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. | |||||
| CVE-2005-3134 | 1 Citrix | 1 Metaframe | 2018-08-13 | 7.5 HIGH | N/A |
| Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName). | |||||
| CVE-2008-1160 | 1 Zyxel | 1 Zywall | 2018-08-13 | 7.5 HIGH | N/A |
| ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | |||||
| CVE-2007-4234 | 1 Camera Life | 1 Camera Life | 2018-08-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4233 | 1 Camera Life | 1 Camera Life | 2018-08-13 | 4.3 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2010-5210 | 1 Soraxsoft | 1 Sorax Reader | 2018-08-13 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3274 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2018-08-13 | 4.4 MEDIUM | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6109 | 1 Rack Project | 1 Rack | 2018-08-13 | 4.3 MEDIUM | N/A |
| lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | |||||
| CVE-2014-3504 | 3 Apache, Canonical, Serf Project | 3 Subversion, Ubuntu Linux, Serf | 2018-08-13 | 4.0 MEDIUM | N/A |
| The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2014-2891 | 2 Debian, Strongswan | 2 Strongswan, Strongswan | 2018-08-13 | 5.0 MEDIUM | N/A |
| strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. | |||||
| CVE-2014-4511 | 1 Gitlist | 1 Gitlist | 2018-08-13 | 7.5 HIGH | N/A |
| Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | |||||
| CVE-2014-9650 | 1 Pivotal Software | 1 Rabbitmq | 2018-08-13 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | |||||
| CVE-2005-4829 | 1 Virtuemart | 1 Virtuemart | 2018-08-13 | 10.0 HIGH | N/A |
| VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors. | |||||
| CVE-2005-4584 | 1 Bzflag | 1 Bzflag Server | 2018-08-13 | 5.0 MEDIUM | N/A |
| BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character. | |||||
| CVE-2001-1313 | 1 Ibm | 1 Lotus Domino R5 | 2018-08-13 | 7.5 HIGH | N/A |
| Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2000-0891 | 1 Ibm | 1 Lotus Notes | 2018-08-13 | 7.5 HIGH | N/A |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. | |||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2018-08-13 | 10.0 HIGH | N/A |
| The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | |||||
| CVE-2004-0580 | 1 Linksys | 12 Befcmu10, Befn2ps4, Befsr11 and 9 more | 2018-08-13 | 5.0 MEDIUM | N/A |
| DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-1312 | 1 Ibm | 1 Lotus Domino R5 | 2018-08-13 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2018-08-13 | 5.0 MEDIUM | N/A |
| ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface. | |||||
| CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2018-08-13 | 7.5 HIGH | N/A |
| Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. | |||||
| CVE-2002-1973 | 2 Microsoft, Working Resources Inc. | 2 Foundation Class Library, Badblue | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error. | |||||
| CVE-2003-1040 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||||
| CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
| CVE-2007-1096 | 1 Virtuemart | 1 Virtuemart | 2018-08-13 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. | |||||
| CVE-2007-0585 | 1 Webfwlog | 1 Webfwlog | 2018-08-13 | 9.3 HIGH | N/A |
| include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. | |||||
| CVE-2006-5916 | 1 Intego | 1 Virusbarrier | 2018-08-13 | 5.0 MEDIUM | N/A |
| Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files. | |||||
| CVE-2015-2342 | 1 Vmware | 1 Vcenter Server | 2018-08-12 | 10.0 HIGH | N/A |
| The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. | |||||
| CVE-2015-3218 | 1 Polkit Project | 1 Polkit | 2018-07-18 | 2.1 LOW | N/A |
| The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. | |||||
| CVE-2002-1318 | 3 Hp, Samba, Sgi | 3 Cifs-9000 Server, Samba, Irix | 2018-05-03 | 10.0 HIGH | N/A |
| Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string. | |||||
| CVE-2000-0077 | 1 Hp | 1 Hp-ux | 2018-05-03 | 7.2 HIGH | N/A |
| The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. | |||||
| CVE-2000-0078 | 1 Hp | 1 Hp-ux | 2018-05-03 | 7.2 HIGH | N/A |
| The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. | |||||
| CVE-1999-0219 | 1 Cat Soft | 1 Serv-u | 2018-05-03 | 7.8 HIGH | N/A |
| Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. | |||||
| CVE-1999-0036 | 1 Sgi | 1 Irix | 2018-05-03 | 7.2 HIGH | N/A |
| IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. | |||||
| CVE-1999-1219 | 1 Sgi | 1 Irix | 2018-05-03 | 7.2 HIGH | N/A |
| Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command. | |||||
| CVE-1999-0039 | 1 Sgi | 1 Irix | 2018-05-03 | 7.5 HIGH | N/A |
| webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. | |||||
| CVE-2000-0887 | 1 Isc | 1 Bind | 2018-05-03 | 5.0 MEDIUM | N/A |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." | |||||
| CVE-2000-0534 | 1 Aps Filter Development Team | 1 Apsfilter | 2018-05-03 | 4.6 MEDIUM | N/A |
| The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. | |||||
| CVE-2000-0094 | 1 Netbsd | 1 Netbsd | 2018-05-03 | 7.2 HIGH | N/A |
| procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. | |||||
| CVE-1999-0052 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2018-05-03 | 5.0 MEDIUM | N/A |
| IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. | |||||
| CVE-2000-0149 | 1 Zeus Technologies | 1 Zeus Web Server | 2018-05-03 | 5.0 MEDIUM | N/A |
| Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. | |||||
