| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets. |
| By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. |
| Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |
| KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
| Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. |
| rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter. |
| mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. |
| /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
| Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |
| The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. |
| Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. |
| Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. |
| Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. |
| Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. |
| The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning. |
| Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. |
| Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. |
| Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. |