Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3783 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 4.9 MEDIUM | N/A |
| The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). | |||||
| CVE-2005-3272 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 5.0 MEDIUM | N/A |
| Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. | |||||
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2023-11-07 | 4.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | |||||
| CVE-2004-2118 | 1 Tinyserver | 1 Tinyserver | 2023-11-07 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. | |||||
| CVE-2005-3510 | 1 Apache | 1 Tomcat | 2023-11-07 | 5.0 MEDIUM | N/A |
| Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. | |||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2023-11-07 | 4.0 MEDIUM | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | |||||
| CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2023-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. | |||||
| CVE-2005-3105 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | N/A |
| The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | |||||
| CVE-2005-0125 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-11-07 | 7.2 HIGH | N/A |
| The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. | |||||
| CVE-2005-2090 | 1 Apache | 1 Tomcat | 2023-11-07 | 4.3 MEDIUM | N/A |
| Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-2500 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol. | |||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-11-07 | 5.0 MEDIUM | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | |||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2023-11-07 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | |||||
| CVE-2005-2388 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 95 and 4 more | 2023-11-07 | 7.2 HIGH | N/A |
| Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code. | |||||
| CVE-2003-1040 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | N/A |
| kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||||
| CVE-2004-0812 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2023-11-07 | 2.1 LOW | N/A |
| Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2004-1582 | 1 Blackboard Internet Newsboard System | 1 Blackboard Internet Newsboard System | 2023-11-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php. | |||||
| CVE-2004-0177 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 5.0 MEDIUM | N/A |
| The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | |||||
| CVE-2003-0959 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 10.0 HIGH | N/A |
| Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. | |||||
| CVE-2004-0596 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 2.1 LOW | N/A |
| The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference. | |||||