Search Results (23508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1347 3 Apple, Cyrusimap, Redhat 4 Mac Os X, Mac Os X Server, Cyrus Sasl and 1 more 2026-04-16 9.8 Critical
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
CVE-2002-1344 3 Gnu, Redhat, Sun 4 Wget, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVE-2002-1341 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
CVE-2002-1336 2 Redhat, Tightvnc 3 Enterprise Linux, Linux, Tightvnc 2026-04-16 N/A
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
CVE-2002-1119 2 Python, Redhat 3 Python, Enterprise Linux, Linux 2026-04-16 N/A
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
CVE-2002-1131 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVE-2002-1132 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVE-2002-1154 2 Redhat, Stephen Turner 2 Powertools, Analog 2026-04-16 N/A
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
CVE-2002-1160 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
CVE-2002-1216 2 Gnu, Redhat 3 Tar, Enterprise Linux, Linux 2026-04-16 N/A
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
CVE-2004-0492 6 Apache, Hp, Ibm and 3 more 8 Http Server, Virtualvault, Vvos and 5 more 2026-04-16 N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2002-1232 3 Debian, Hp, Redhat 4 Debian Linux, Secure Os, Enterprise Linux and 1 more 2026-04-16 N/A
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
CVE-2002-1235 4 Debian, Kth, Mit and 1 more 6 Debian Linux, Kth Kerberos 4, Kth Kerberos 5 and 3 more 2026-04-16 N/A
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2002-1247 3 Kde, Lisa, Redhat 5 Kde, Klisa, Lisa and 2 more 2026-04-16 N/A
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
CVE-2004-0493 6 Apache, Avaya, Gentoo and 3 more 9 Http Server, Converged Communications Server, S8300 and 6 more 2026-04-16 N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2004-0495 6 Avaya, Conectiva, Gentoo and 3 more 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
CVE-2002-1276 2 Redhat, Squirrelmail 2 Linux, Squirrelmail 2026-04-16 N/A
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
CVE-2002-1281 2 Kde, Redhat 2 Kde, Linux 2026-04-16 N/A
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
CVE-2002-1282 2 Kde, Redhat 2 Kde, Linux 2026-04-16 N/A
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
CVE-2002-1306 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.