Search Results (363426 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0427 1 Cisco 6 Vpn 3000 Concentrator, Vpn 3005 Concentrator, Vpn 3015 Concentrator and 3 more 2026-04-16 N/A
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
CVE-2003-1234 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2001-0426 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
CVE-2004-1090 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
CVE-2003-1232 1 Gnu 1 Emacs 2026-04-16 N/A
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVE-2001-0422 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
CVE-2001-0421 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
CVE-2003-1228 1 Mathopd 1 Mathopd 2026-04-16 N/A
Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.
CVE-2001-0416 4 Debian, Immunix, Mandrakesoft and 1 more 4 Sgml-tools, Immunix, Mandrake Linux and 1 more 2026-04-16 N/A
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
CVE-2004-1088 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVE-2003-1227 1 Gallery Project 1 Gallery 2026-04-16 N/A
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
CVE-2001-0415 1 Redi 1 Rediplus 2026-04-16 N/A
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
CVE-2003-1225 1 Bea 1 Weblogic Server 2026-04-16 N/A
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
CVE-2001-0412 1 Cisco 3 Content Services Switch 11050, Content Services Switch 11150, Content Services Switch 11800 2026-04-16 N/A
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
CVE-2001-0408 2 Redhat, Vim Development Group 2 Linux, Vim 2026-04-16 N/A
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
CVE-2001-0407 1 Oracle 1 Mysql 2026-04-16 N/A
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
CVE-2001-0405 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
CVE-2004-1085 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
CVE-2003-1222 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
CVE-2001-0402 3 Darren Reed, Freebsd, Openbsd 3 Ipfilter, Freebsd, Openbsd 2026-04-16 N/A
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.