Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3155 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. | |||||
| CVE-2014-3154 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown. | |||||
| CVE-2014-3465 | 1 Gnu | 1 Gnutls | 2017-12-29 | 5.0 MEDIUM | N/A |
| The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. | |||||
| CVE-2012-1950 | 1 Mozilla | 2 Firefox, Firefox Esr | 2017-12-29 | 6.4 MEDIUM | N/A |
| The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | |||||
| CVE-2014-1545 | 1 Mozilla | 1 Netscape Portable Runtime | 2017-12-28 | 10.0 HIGH | N/A |
| Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. | |||||
| CVE-2014-1536 | 1 Mozilla | 1 Firefox | 2017-12-28 | 10.0 HIGH | N/A |
| The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2014-1537 | 1 Mozilla | 1 Firefox | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2014-1541 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2014-1540 | 1 Mozilla | 1 Firefox | 2017-12-28 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2014-1538 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2002-1643 | 1 Realnetworks | 1 Helix Universal Server | 2017-12-23 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. | |||||
| CVE-2002-1951 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 7.5 HIGH | N/A |
| Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. | |||||
| CVE-2000-0227 | 1 Linux | 1 Linux Kernel | 2017-12-20 | 2.1 LOW | N/A |
| The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. | |||||
| CVE-1999-1264 | 1 Ramp Networks | 1 Webramp | 2017-12-20 | 7.5 HIGH | N/A |
| WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. | |||||
| CVE-2002-0680 | 3 Goahead Software, Montavista Software, Orange Software | 3 Goahead Webserver, Hard Hat Linux, Orange Web Server | 2017-12-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. | |||||
| CVE-2002-0681 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | |||||
| CVE-2001-0228 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. | |||||
| CVE-2001-0984 | 1 Counterpane | 1 Password Safe | 2017-12-20 | 4.6 MEDIUM | N/A |
| Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords. | |||||
| CVE-2001-0385 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 5.0 MEDIUM | N/A |
| GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | |||||
| CVE-2001-0068 | 1 Apple | 1 Mac Os Runtime For Java | 2017-12-19 | 2.6 LOW | N/A |
| Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. | |||||
| CVE-2001-0454 | 1 Whitsoft | 1 Slimserve | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request. | |||||
| CVE-2001-0458 | 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more | 4 Debian Linux, Mandrake Linux, Eperl and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0459 | 2 Afterstep.org, Rob Malda | 2 Afterstep, Ascdc | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option. | |||||
| CVE-2001-0460 | 1 Baltimore Technologies | 1 Websweeper | 2017-12-19 | 5.0 MEDIUM | N/A |
| Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header. | |||||
| CVE-2000-1156 | 1 Sun | 1 Staroffice | 2017-12-19 | 3.6 LOW | N/A |
| StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. | |||||
| CVE-2001-0468 | 1 Ftpfs | 1 Ftpfs | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. | |||||
| CVE-2001-0472 | 1 Ibm | 1 High Availability Cluster Multiprocessing | 2017-12-19 | 5.0 MEDIUM | N/A |
| Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. | |||||
| CVE-2001-0476 | 1 Swsoft | 1 Aspseek | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter. | |||||
| CVE-2001-1154 | 2 Bsdi, Carnegie Mellon University | 2 Bsd Os, Cyrus Imap Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. | |||||
| CVE-2001-1151 | 1 Trend Micro | 2 Officescan, Virus Buster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | |||||
| CVE-2001-0027 | 1 Proftpd Project | 1 Proftpd | 2017-12-19 | 7.5 HIGH | N/A |
| mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. | |||||
| CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2017-12-19 | 5.0 MEDIUM | N/A |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | |||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2017-12-19 | 7.5 HIGH | N/A |
| ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
| CVE-2001-0491 | 1 Team Johnlong | 1 Raidenftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. | |||||
| CVE-2001-0492 | 1 Netcruiser Software | 1 Netcruiser Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. | |||||
| CVE-2001-0496 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2017-12-19 | 4.6 MEDIUM | N/A |
| kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2017-12-19 | 7.5 HIGH | N/A |
| Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. | |||||
| CVE-2001-0524 | 1 Eeye Digital Security | 1 Securells | 2017-12-19 | 7.5 HIGH | N/A |
| eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. | |||||
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2017-12-19 | 7.2 HIGH | N/A |
| dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 7.5 HIGH | N/A |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1124 | 1 Hp | 1 Hp-ux | 2017-12-19 | 5.0 MEDIUM | N/A |
| rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||||
| CVE-2001-1123 | 1 Hp | 1 Openview Network Node Manager | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. | |||||
| CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2017-12-19 | 2.1 LOW | N/A |
| Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||
| CVE-2001-0557 | 1 T. Hauck | 1 Jana Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e). | |||||
| CVE-2001-0561 | 1 Drummond Miles | 1 A1stats | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. | |||||
