Search Results (91 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 11 Converged Communications Server, Integrated Management, S8300 and 8 more 2026-04-16 N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2005-0605 8 Altlinux, Lesstif, Mandrakesoft and 5 more 12 Alt Linux, Lesstif, Mandrake Linux and 9 more 2026-04-16 N/A
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2004-1012 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more 6 Cyrus Imap Server, Linux, Openpkg and 3 more 2026-04-16 N/A
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
CVE-2004-1067 3 Carnegie Mellon University, Redhat, Ubuntu 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux 2026-04-16 N/A
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
CVE-2004-1335 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Fedora Core and 1 more 2026-04-16 N/A
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
CVE-2004-0415 3 Linux, Redhat, Trustix 4 Linux Kernel, Enterprise Linux, Fedora Core and 1 more 2026-04-16 N/A
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
CVE-2005-3625 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2004-0817 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2026-04-16 N/A
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2004-0888 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2026-04-16 N/A
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVE-2022-3675 1 Redhat 1 Fedora Coreos 2025-05-02 2.6 Low
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.