Export limit exceeded: 346629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346629 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1055 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read. | ||||
| CVE-2006-1056 | 3 Freebsd, Linux, Redhat | 3 Freebsd, Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | ||||
| CVE-2006-1057 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | ||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | ||||
| CVE-2006-1058 | 3 Avaya, Busybox, Redhat | 6 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 3 more | 2026-04-16 | 5.5 Medium |
| BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | ||||
| CVE-2006-1059 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | ||||
| CVE-2006-1060 | 1 Xzgv | 1 Xzgv | 2026-04-16 | N/A |
| Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required. | ||||
| CVE-2006-1613 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. | ||||
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2026-04-16 | N/A |
| Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. | ||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2026-04-16 | N/A |
| Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2026-04-16 | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | ||||
| CVE-2006-1615 | 1 Clamav | 1 Clamav | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | ||||
| CVE-2006-1064 | 1 Lurker | 1 Lurker | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1065 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | ||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | ||||
| CVE-2006-1066 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call. | ||||
| CVE-2006-1864 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | ||||
| CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2026-04-16 | N/A |
| Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | ||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | ||||