Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2018-08-22 | 5.0 MEDIUM | N/A |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||||
| CVE-1999-1579 | 1 Microsoft | 1 Windows Nt | 2018-08-13 | 5.0 MEDIUM | N/A |
| The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine. | |||||
| CVE-2009-3274 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2018-08-13 | 4.4 MEDIUM | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3504 | 3 Apache, Canonical, Serf Project | 3 Subversion, Ubuntu Linux, Serf | 2018-08-13 | 4.0 MEDIUM | N/A |
| The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2014-2891 | 2 Debian, Strongswan | 2 Strongswan, Strongswan | 2018-08-13 | 5.0 MEDIUM | N/A |
| strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. | |||||
| CVE-2012-6109 | 1 Rack Project | 1 Rack | 2018-08-13 | 4.3 MEDIUM | N/A |
| lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. | |||||
| CVE-2014-9650 | 1 Pivotal Software | 1 Rabbitmq | 2018-08-13 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | |||||
| CVE-2010-5210 | 1 Soraxsoft | 1 Sorax Reader | 2018-08-13 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-4511 | 1 Gitlist | 1 Gitlist | 2018-08-13 | 7.5 HIGH | N/A |
| Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | |||||
| CVE-2013-7446 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 5.4 MEDIUM | 5.3 MEDIUM |
| Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | |||||
| CVE-2001-1313 | 1 Ibm | 1 Lotus Domino R5 | 2018-08-13 | 7.5 HIGH | N/A |
| Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2000-0891 | 1 Ibm | 1 Lotus Notes | 2018-08-13 | 7.5 HIGH | N/A |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. | |||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2018-08-13 | 10.0 HIGH | N/A |
| The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | |||||
| CVE-2004-0580 | 1 Linksys | 12 Befcmu10, Befn2ps4, Befsr11 and 9 more | 2018-08-13 | 5.0 MEDIUM | N/A |
| DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-1312 | 1 Ibm | 1 Lotus Domino R5 | 2018-08-13 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2018-08-13 | 5.0 MEDIUM | N/A |
| ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface. | |||||
| CVE-2005-4584 | 1 Bzflag | 1 Bzflag Server | 2018-08-13 | 5.0 MEDIUM | N/A |
| BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character. | |||||
| CVE-2005-4829 | 1 Virtuemart | 1 Virtuemart | 2018-08-13 | 10.0 HIGH | N/A |
| VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors. | |||||
| CVE-2005-1907 | 1 Microsoft | 1 Isa Server | 2018-08-13 | 5.0 MEDIUM | N/A |
| The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. | |||||
| CVE-2005-3107 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | |||||
| CVE-2005-1395 | 1 Swlink | 1 Ce Ceterm | 2018-08-13 | 7.2 HIGH | N/A |
| Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument. | |||||
| CVE-2005-1396 | 1 Swlink | 1 Ce Ceterm | 2018-08-13 | 1.2 LOW | N/A |
| Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. | |||||
| CVE-2005-3134 | 1 Citrix | 1 Metaframe | 2018-08-13 | 7.5 HIGH | N/A |
| Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName). | |||||
| CVE-2005-3105 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | |||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2018-08-13 | 10.0 HIGH | N/A |
| Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | |||||
| CVE-2005-1574 | 1 Microsoft | 1 Windows Media Player | 2018-08-13 | 7.5 HIGH | N/A |
| Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. | |||||
| CVE-2005-2682 | 1 Dtlink | 1 Areaedit | 2018-08-13 | 7.5 HIGH | N/A |
| aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable). | |||||
| CVE-2005-0156 | 7 Ibm, Larry Wall, Redhat and 4 more | 9 Aix, Perl, Enterprise Linux and 6 more | 2018-08-13 | 2.1 LOW | N/A |
| Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||||
| CVE-2005-0385 | 1 Frank Mcingvale | 1 Luxman | 2018-08-13 | 7.2 HIGH | N/A |
| Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument. | |||||
| CVE-2004-2463 | 1 Ada | 1 Imgsvr | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request. | |||||
| CVE-2004-2119 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2004-2118 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. | |||||
| CVE-2004-2117 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version. | |||||
| CVE-2004-2116 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2005-0155 | 1 Larry Wall | 1 Perl | 2018-08-13 | 4.6 MEDIUM | N/A |
| The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | |||||
| CVE-2005-0125 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-08-13 | 7.2 HIGH | N/A |
| The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. | |||||
| CVE-2003-1040 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 2.1 LOW | N/A |
| kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||||
| CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2018-08-13 | 7.5 HIGH | N/A |
| Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. | |||||
| CVE-2002-1973 | 2 Microsoft, Working Resources Inc. | 2 Foundation Class Library, Badblue | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error. | |||||
| CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
| CVE-2006-5328 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2018-08-13 | 7.2 HIGH | N/A |
| OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | |||||
| CVE-2006-5327 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2018-08-13 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. | |||||
| CVE-2006-2289 | 1 Avahi | 1 Avahi | 2018-08-13 | 2.1 LOW | N/A |
| Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-4627 | 1 Microsoft | 1 System Information Activex Control | 2018-08-13 | 5.0 MEDIUM | N/A |
| System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument. | |||||
| CVE-2006-2288 | 1 Avahi | 1 Avahi | 2018-08-13 | 3.6 LOW | N/A |
| Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. | |||||
| CVE-2007-4234 | 1 Camera Life | 1 Camera Life | 2018-08-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1160 | 1 Zyxel | 1 Zywall | 2018-08-13 | 7.5 HIGH | N/A |
| ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | |||||
| CVE-2007-4233 | 1 Camera Life | 1 Camera Life | 2018-08-13 | 4.3 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2007-1096 | 1 Virtuemart | 1 Virtuemart | 2018-08-13 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. | |||||
| CVE-2007-0585 | 1 Webfwlog | 1 Webfwlog | 2018-08-13 | 9.3 HIGH | N/A |
| include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. | |||||