Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1010 | 1 Info-zip | 1 Zip | 2018-10-03 | 10.0 HIGH | N/A |
| Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. | |||||
| CVE-2004-1058 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2018-10-03 | 1.2 LOW | N/A |
| Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline. | |||||
| CVE-2004-1125 | 3 Easy Software Products, Kde, Xpdf | 3 Cups, Kde, Xpdf | 2018-10-03 | 9.3 HIGH | N/A |
| Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | |||||
| CVE-2004-1267 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2018-10-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. | |||||
| CVE-2004-1268 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2018-10-03 | 2.1 LOW | N/A |
| lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. | |||||
| CVE-2004-1269 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2018-10-03 | 5.0 MEDIUM | N/A |
| lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. | |||||
| CVE-2004-1270 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2018-10-03 | 2.1 LOW | N/A |
| lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. | |||||
| CVE-2004-1333 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2018-10-03 | 2.1 LOW | N/A |
| Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | |||||
| CVE-2004-1387 | 1 Apache | 1 Http Server | 2018-10-03 | 2.1 LOW | N/A |
| The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1487 | 1 Gnu | 1 Wget | 2018-10-03 | 5.0 MEDIUM | N/A |
| wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | |||||
| CVE-2004-1488 | 1 Gnu | 1 Wget | 2018-10-03 | 5.0 MEDIUM | N/A |
| wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | |||||
| CVE-2004-2014 | 1 Gnu | 1 Wget | 2018-10-03 | 2.6 LOW | N/A |
| Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. | |||||
| CVE-2004-2655 | 1 Xscreensaver | 1 Xscreensaver | 2018-10-03 | 5.4 MEDIUM | N/A |
| rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | |||||
| CVE-2005-0102 | 1 Ximian | 1 Evolution | 2018-10-03 | 7.2 HIGH | N/A |
| Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. | |||||
| CVE-2005-0106 | 1 Ubuntu | 1 Ubuntu Linux | 2018-10-03 | 4.6 MEDIUM | N/A |
| SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. | |||||
| CVE-2005-0201 | 1 D-bus | 1 D-bus | 2018-10-03 | 2.1 LOW | N/A |
| D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket. | |||||
| CVE-2005-0384 | 4 Redhat, Suse, Trustix and 1 more | 4 Enterprise Linux, Suse Linux, Secure Linux and 1 more | 2018-10-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. | |||||
| CVE-2005-0400 | 1 Linux | 1 Linux Kernel | 2018-10-03 | 2.1 LOW | N/A |
| The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block. | |||||
| CVE-2005-0448 | 1 Larry Wall | 1 Perl | 2018-10-03 | 1.2 LOW | N/A |
| Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | |||||
| CVE-2005-0449 | 1 Linux | 1 Linux Kernel | 2018-10-03 | 7.1 HIGH | N/A |
| The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | |||||
| CVE-2005-0605 | 8 Altlinux, Lesstif, Mandrakesoft and 5 more | 11 Alt Linux, Lesstif, Mandrake Linux and 8 more | 2018-10-03 | 7.5 HIGH | N/A |
| scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. | |||||
| CVE-2005-0626 | 1 Squid | 1 Squid | 2018-10-03 | 2.6 LOW | N/A |
| Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | |||||
| CVE-2005-0664 | 1 Libexif | 1 Libexif | 2018-10-03 | 2.6 LOW | N/A |
| Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | |||||
| CVE-2005-0718 | 1 Squid | 1 Squid | 2018-10-03 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | |||||
| CVE-2005-0736 | 3 Conectiva, Linux, Redhat | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2018-10-03 | 2.1 LOW | N/A |
| Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. | |||||
| CVE-2005-0749 | 1 Linux | 1 Linux Kernel | 2018-10-03 | 7.2 HIGH | N/A |
| The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. | |||||
| CVE-2005-0767 | 1 Linux | 1 Linux Kernel | 2018-10-03 | 6.9 MEDIUM | N/A |
| Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. | |||||
| CVE-2005-0806 | 1 Ximian | 1 Evolution | 2018-10-03 | 5.0 MEDIUM | N/A |
| Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. | |||||
| CVE-2018-1999022 | 2 Civicrm, Html Quickform Project | 2 Civicrm, Html Quickform | 2018-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15. | |||||
| CVE-2017-5693 | 1 Intel | 2 Puma, Puma Firmware | 2018-10-03 | 7.8 HIGH | 7.5 HIGH |
| Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic. | |||||
| CVE-2018-14775 | 1 Openbsd | 1 Openbsd | 2018-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. | |||||
| CVE-2017-2189 | 1 Sharp | 1 Rw-4040 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2192 | 1 Sharp | 1 Rw-5100 | 2018-10-03 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9571 | 1 Ccbank | 1 Ccb Mobile Banking | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9572 | 1 Athensstatebank | 1 Athens State Bank Mobile | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9576 | 1 Mononabank | 1 Middleton Community Bank Mobile | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9577 | 1 Fcbl | 1 First Citizens Bank-mobile | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9578 | 1 Rivervalleycommunitybank | 1 Rvcb Mobile | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9584 | 1 Heritagebankozarks | 1 Hbo Mobile Banking | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9601 | 1 Fnbkemp | 1 Fnb Kemp Mobile Banking | 2018-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2015-4523 | 1 Symantec | 2 Malware Analysis Appliance, Malware Analyzer G2 | 2018-10-03 | 9.0 HIGH | 9.3 CRITICAL |
| Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. | |||||
| CVE-2018-1155 | 1 Tenable | 1 Securitycenter | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue. | |||||
| CVE-2018-12606 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. | |||||
| CVE-2018-12607 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. | |||||
| CVE-2018-12605 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. | |||||
| CVE-2018-14872 | 1 Rincewind Project | 1 Rincewind | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset. | |||||
| CVE-2018-1999041 | 1 Jenkins | 1 Tinfoil Security | 2018-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. | |||||
| CVE-2018-14977 | 1 Q-cms | 1 Qcms | 2018-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | |||||