Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0698 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0697 | 1 Ibm | 1 Aix | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. | |||||
| CVE-2003-0691 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none. | |||||
| CVE-2003-0689 | 1 Redhat | 1 Enterprise Linux | 2008-09-10 | 7.5 HIGH | N/A |
| The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. | |||||
| CVE-2003-0687 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none. | |||||
| CVE-2003-0680 | 1 Sgi | 1 Irix | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions. | |||||
| CVE-2003-0679 | 1 Sgi | 1 Irix | 2008-09-10 | 2.1 LOW | N/A |
| Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files. | |||||
| CVE-2003-0677 | 1 Cisco | 1 Webns | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." | |||||
| CVE-2003-0672 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message. | |||||
| CVE-2003-0671 | 1 Jeremy Elson | 1 Tcpflow | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow. | |||||
| CVE-2003-0791 | 2 Mozilla, Sco | 2 Mozilla, Openserver | 2008-09-10 | 7.5 HIGH | N/A |
| The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | |||||
| CVE-2003-0670 | 1 Sustainable Softworks | 2 Ipnetmonitorx, Ipnetsentryx | 2008-09-10 | 2.1 LOW | N/A |
| Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow. | |||||
| CVE-2003-0658 | 2 Caldera, Sco | 4 Openlinux Server, Openlinux Workstation, Openserver and 1 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. | |||||
| CVE-2003-0654 | 1 Autorespond | 1 Autorespond | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail. | |||||
| CVE-2003-0653 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 5.0 MEDIUM | N/A |
| The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets. | |||||
| CVE-2003-0647 | 1 Cisco | 1 Ios | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | |||||
| CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2008-09-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | |||||
| CVE-2003-0643 | 1 Linux | 1 Linux Kernel | 2008-09-10 | 2.1 LOW | N/A |
| Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). | |||||
| CVE-2003-0790 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not "reachable" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable. | |||||
| CVE-2003-0777 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | |||||
| CVE-2003-0776 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences. | |||||
| CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
| CVE-2003-0785 | 1 Brian Bassett | 1 Ipmasq | 2008-09-10 | 7.5 HIGH | N/A |
| ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. | |||||
| CVE-2003-0786 | 1 Openbsd | 1 Openssh | 2008-09-10 | 10.0 HIGH | N/A |
| The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||||
| CVE-2003-0787 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. | |||||
| CVE-2003-0774 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed. | |||||
| CVE-2003-0775 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash). | |||||
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | |||||
| CVE-2003-0582 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0516 | 1 Gert Doering | 1 Mgetty | 2008-09-10 | 7.5 HIGH | N/A |
| cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings. | |||||
| CVE-2003-0450 | 1 Cistron | 1 Radius Daemon | 2008-09-10 | 7.5 HIGH | N/A |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. | |||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | |||||
| CVE-2003-0595 | 1 Witango | 2 Tango Server, Witango Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference. | |||||
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | |||||
| CVE-2003-0515 | 1 Teapop | 1 Teapop | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges. | |||||
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2008-09-10 | 4.6 MEDIUM | N/A |
| sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0436 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter. | |||||
| CVE-2003-0598 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0538 | 1 Mozart | 1 Mozart | 2008-09-10 | 7.5 HIGH | N/A |
| The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program. | |||||
| CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2008-09-10 | 7.5 HIGH | N/A |
| mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. | |||||
| CVE-2003-0535 | 1 Xblockout | 1 Xbl | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option. | |||||
| CVE-2003-0437 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. | |||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | |||||
| CVE-2003-0591 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0463 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. | |||||
| CVE-2003-0256 | 1 Kde | 1 Kopete | 2008-09-10 | 7.5 HIGH | N/A |
| The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | |||||
| CVE-2003-0422 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. | |||||