| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. |
| KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. |
| Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text. |
| Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. |
| Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." |
| GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. |
| ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. |
| The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. |
| Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. |
| SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file. |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. |
| Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. |
| mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. |
| Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". |
| HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length. |
| Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. |
| The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?". |
| NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. |