Search Results (139 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0494 2 Avaya, Redhat 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
CVE-2004-1050 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2026-04-16 N/A
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
CVE-2004-0842 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2026-04-16 N/A
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
CVE-2004-0554 6 Avaya, Conectiva, Gentoo and 3 more 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
CVE-2005-0506 1 Avaya 2 Ip Office Phone Manager, Ip Soft Phone 2026-04-16 N/A
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
CVE-2004-0495 6 Avaya, Conectiva, Gentoo and 3 more 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more 2026-04-16 N/A
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
CVE-2004-0493 6 Apache, Avaya, Gentoo and 3 more 9 Http Server, Converged Communications Server, S8300 and 6 more 2026-04-16 N/A
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
CVE-2005-4471 1 Avaya 1 Modular Messaging Message Storage Server 2026-04-16 N/A
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2026-04-16 N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 11 Converged Communications Server, Integrated Management, S8300 and 8 more 2026-04-16 N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2004-1235 7 Avaya, Conectiva, Linux and 4 more 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more 2026-04-16 N/A
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVE-2004-0212 2 Avaya, Microsoft 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more 2026-04-16 N/A
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
CVE-2004-1307 11 Apple, Avaya, Conectiva and 8 more 20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more 2026-04-16 N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2003-1359 2 Avaya, Hp 2 Predictive Dialer System, Hp-ux 2026-04-16 N/A
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2026-04-16 N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVE-2004-0205 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
CVE-2002-0175 1 Avaya 1 Libsafe 2026-04-16 N/A
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.