| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-0115 | 7.2 |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket
|
16-02-2024 - 20:28 | 30-03-2009 - 16:30 | |
| CVE-2004-0112 | 5.0 |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
|
15-02-2024 - 20:54 | 23-11-2004 - 05:00 | |
| CVE-2007-4000 | 8.5 |
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow
|
09-02-2024 - 03:24 | 05-09-2007 - 10:17 | |
| CVE-2009-2416 | 4.3 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
|
02-02-2024 - 16:04 | 11-08-2009 - 18:30 | |
| CVE-2005-3120 | 7.5 |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
|
02-02-2024 - 14:00 | 17-10-2005 - 20:06 | |
| CVE-2009-4141 | 7.2 |
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
|
13-02-2023 - 02:20 | 19-01-2010 - 16:30 | |
| CVE-2009-1891 | 7.1 |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
|
13-02-2023 - 02:20 | 10-07-2009 - 15:30 | |
| CVE-2008-4307 | 4.0 |
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improp
|
13-02-2023 - 02:19 | 13-01-2009 - 17:00 | |
| CVE-2002-0190 | 7.5 |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerabilit
|
23-07-2021 - 12:55 | 29-05-2002 - 04:00 | |
| CVE-2002-0022 | 7.5 |
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings
|
23-07-2021 - 12:55 | 08-03-2002 - 05:00 | |
| CVE-2001-0727 | 7.5 |
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, ak
|
23-07-2021 - 12:55 | 14-12-2001 - 05:00 | |
| CVE-2003-0344 | 7.5 |
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
|
23-07-2021 - 12:55 | 16-06-2003 - 04:00 | |
| CVE-2003-0113 | 7.5 |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
|
23-07-2021 - 12:55 | 12-05-2003 - 04:00 | |
| CVE-2001-0002 | 7.5 |
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
|
23-07-2021 - 12:18 | 21-07-2001 - 04:00 | |
| CVE-2002-0869 | 7.5 |
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka
|
23-11-2020 - 19:49 | 12-11-2002 - 05:00 | |
| CVE-2002-0148 | 7.5 |
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
|
23-11-2020 - 19:49 | 22-04-2002 - 04:00 | |
| CVE-2008-0948 | 9.3 |
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows re
|
21-01-2020 - 15:44 | 19-03-2008 - 00:44 | |
| CVE-2007-5461 | 3.5 |
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write reque
|
25-03-2019 - 11:29 | 15-10-2007 - 18:17 | |
| CVE-2000-0778 | 5.0 |
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
|
30-10-2018 - 16:25 | 20-10-2000 - 04:00 | |
| CVE-2007-2875 | 2.1 |
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading th
|
19-10-2018 - 19:03 | 11-06-2007 - 22:30 | |
| CVE-2006-0300 | 5.1 |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
|
19-10-2018 - 15:44 | 24-02-2006 - 00:02 | |
| CVE-2005-2102 | 5.0 |
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
|
19-10-2018 - 15:32 | 16-08-2005 - 04:00 | |
| CVE-2004-0123 | 7.5 |
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
12-10-2018 - 21:34 | 01-06-2004 - 04:00 | |
| CVE-2009-0747 | 4.9 |
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of servic
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
| CVE-2009-0776 | 7.1 |
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
| CVE-2007-1797 | 6.8 |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in
|
11-10-2017 - 01:31 | 02-04-2007 - 22:19 | |
| CVE-2005-3089 | 2.6 |
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnera
|
11-10-2017 - 01:30 | 28-09-2005 - 18:03 | |
| CVE-2005-1477 | 5.1 |
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when
|
11-10-2017 - 01:30 | 09-05-2005 - 04:00 | |
| CVE-2005-1431 | 5.0 |
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
|
11-10-2017 - 01:30 | 03-05-2005 - 04:00 | |
| CVE-2004-0155 | 7.5 |
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-
|
11-10-2017 - 01:29 | 01-06-2004 - 04:00 | |
| CVE-2004-1392 | 5.0 |
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
| CVE-2004-0761 | 5.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
| CVE-2005-0078 | 4.6 |
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2004-0003 | 4.6 |
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
|
11-10-2017 - 01:29 | 03-03-2004 - 05:00 | |
| CVE-2009-1839 | 5.4 |
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "
|
29-09-2017 - 01:34 | 12-06-2009 - 21:30 | |
| CVE-2009-1829 | 5.0 |
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
|
29-09-2017 - 01:34 | 29-05-2009 - 22:30 | |
| CVE-2007-6712 | 4.9 |
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to
|
29-09-2017 - 01:30 | 12-04-2008 - 19:05 | |
| CVE-2007-5275 | 5.0 |
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-ac
|
29-09-2017 - 01:29 | 08-10-2007 - 23:17 | |
| CVE-2010-1439 | 3.6 |
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Networ
|
19-09-2017 - 01:30 | 07-06-2010 - 17:12 |