Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0698 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0697 1 Ibm 1 Aix 2008-09-10 7.2 HIGH N/A
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
CVE-2003-0691 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none.
CVE-2003-0689 1 Redhat 1 Enterprise Linux 2008-09-10 7.5 HIGH N/A
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
CVE-2003-0687 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none.
CVE-2003-0680 1 Sgi 1 Irix 2008-09-10 7.5 HIGH N/A
Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.
CVE-2003-0679 1 Sgi 1 Irix 2008-09-10 2.1 LOW N/A
Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files.
CVE-2003-0677 1 Cisco 1 Webns 2008-09-10 5.0 MEDIUM N/A
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."
CVE-2003-0672 1 Leon J Breedt 1 Pam-pgsql 2008-09-10 7.5 HIGH N/A
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
CVE-2003-0671 1 Jeremy Elson 1 Tcpflow 2008-09-10 7.2 HIGH N/A
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
CVE-2003-0791 2 Mozilla, Sco 2 Mozilla, Openserver 2008-09-10 7.5 HIGH N/A
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
CVE-2003-0670 1 Sustainable Softworks 2 Ipnetmonitorx, Ipnetsentryx 2008-09-10 2.1 LOW N/A
Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow.
CVE-2003-0658 2 Caldera, Sco 4 Openlinux Server, Openlinux Workstation, Openserver and 1 more 2008-09-10 5.0 MEDIUM N/A
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
CVE-2003-0654 1 Autorespond 1 Autorespond 2008-09-10 7.5 HIGH N/A
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
CVE-2003-0653 1 Netbsd 1 Netbsd 2008-09-10 5.0 MEDIUM N/A
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
CVE-2003-0647 1 Cisco 1 Ios 2008-09-10 7.5 HIGH N/A
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
CVE-2003-0646 1 Trend Micro 2 Damage Cleanup Server, Housecall 2008-09-10 7.5 HIGH N/A
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
CVE-2003-0643 1 Linux 1 Linux Kernel 2008-09-10 2.1 LOW N/A
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).
CVE-2003-0790 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not "reachable" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable.
CVE-2003-0777 1 Sane 2 Sane, Sane-backend 2008-09-10 5.0 MEDIUM N/A
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
CVE-2003-0776 1 Sane 2 Sane, Sane-backend 2008-09-10 7.5 HIGH N/A
saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
CVE-2003-0853 2 Gnu, Washington University 2 Fileutils, Wu-ftpd 2008-09-10 5.0 MEDIUM N/A
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
CVE-2003-0778 1 Sane 2 Sane, Sane-backend 2008-09-10 5.0 MEDIUM N/A
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
CVE-2003-0785 1 Brian Bassett 1 Ipmasq 2008-09-10 7.5 HIGH N/A
ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
CVE-2003-0786 1 Openbsd 1 Openssh 2008-09-10 10.0 HIGH N/A
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
CVE-2003-0787 1 Openbsd 1 Openssh 2008-09-10 7.5 HIGH N/A
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
CVE-2003-0774 1 Sane 2 Sane, Sane-backend 2008-09-10 7.5 HIGH N/A
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
CVE-2003-0775 1 Sane 2 Sane, Sane-backend 2008-09-10 5.0 MEDIUM N/A
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
CVE-2003-0613 1 Zblast 1 Zblast 2008-09-10 4.6 MEDIUM N/A
Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file.
CVE-2003-0582 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0516 1 Gert Doering 1 Mgetty 2008-09-10 7.5 HIGH N/A
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
CVE-2003-0450 1 Cistron 1 Radius Daemon 2008-09-10 7.5 HIGH N/A
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
CVE-2003-0574 1 Sgi 1 Irix 2008-09-10 7.2 HIGH N/A
Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.
CVE-2003-0595 1 Witango 2 Tango Server, Witango Server 2008-09-10 7.5 HIGH N/A
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
CVE-2003-0576 1 Sgi 1 Irix 2008-09-10 5.0 MEDIUM N/A
Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619.
CVE-2003-0515 1 Teapop 1 Teapop 2008-09-10 7.5 HIGH N/A
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
CVE-2003-0606 2 Cvsup, Sup 2 Cvsup-mirror, Sup 2008-09-10 4.6 MEDIUM N/A
sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
CVE-2003-0436 1 Mnogosearch 1 Mnogosearch 2008-09-10 7.5 HIGH N/A
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
CVE-2003-0598 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0538 1 Mozart 1 Mozart 2008-09-10 7.5 HIGH N/A
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
CVE-2003-0577 1 Mpg123 1 Mpg123 2008-09-10 7.5 HIGH N/A
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
CVE-2003-0535 1 Xblockout 1 Xbl 2008-09-10 7.2 HIGH N/A
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option.
CVE-2003-0437 1 Mnogosearch 1 Mnogosearch 2008-09-10 7.5 HIGH N/A
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
CVE-2003-0610 1 Mcafee 1 Epolicy Orchestrator 2008-09-10 5.0 MEDIUM N/A
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
CVE-2003-0591 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0463 2008-09-10 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2003-0518 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-10 4.6 MEDIUM N/A
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
CVE-2003-0256 1 Kde 1 Kopete 2008-09-10 7.5 HIGH N/A
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
CVE-2003-0423 1 Apple 1 Darwin Streaming Server 2008-09-10 5.0 MEDIUM N/A
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
CVE-2003-0422 1 Apple 1 Darwin Streaming Server 2008-09-10 5.0 MEDIUM N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.