Export limit exceeded: 80660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80660 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1831 | 1 Todd Miller | 1 Sudo | 2026-04-16 | 8.4 High |
| Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. | ||||
| CVE-2005-1036 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2026-04-16 | 7.8 High |
| FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | ||||
| CVE-2005-0490 | 2 Haxx, Redhat | 3 Curl, Libcurl, Enterprise Linux | 2026-04-16 | 8.8 High |
| Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | ||||
| CVE-2003-0411 | 2 Microsoft, Oracle | 3 Windows 2000, Windows Xp, Sun One Application Server | 2026-04-16 | 7.5 High |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2026-04-16 | 7.5 High |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | ||||
| CVE-2004-1842 | 1 Phpnuke | 1 Php-nuke | 2026-04-16 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | ||||
| CVE-2004-0346 | 1 Proftpd | 1 Proftpd | 2026-04-16 | 7.8 High |
| Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | ||||
| CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2026-04-16 | 7.0 High |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | ||||
| CVE-2004-0213 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.8 High |
| Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | ||||
| CVE-2006-3730 | 1 Microsoft | 3 Ie, Internet Explorer, Windows Xp | 2026-04-16 | 8.8 High |
| Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | ||||
| CVE-2002-2068 | 1 Tolvanen | 1 Eraser | 2026-04-16 | 7.5 High |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2002-2067 | 1 East-tec | 1 Eraser | 2026-04-16 | 7.5 High |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2026-04-16 | 7.5 High |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2002-2058 | 1 Teekai | 1 Tracking Online | 2026-04-16 | 7.5 High |
| TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'. | ||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2026-04-16 | 7.5 High |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | ||||
| CVE-2001-1238 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.8 High |
| Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | ||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2026-04-16 | 7.8 High |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | ||||
| CVE-2003-0625 | 1 Hadrons | 1 Xfstt | 2026-04-16 | 7.5 High |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | ||||
| CVE-2001-0795 | 1 Cmfperception | 1 Liteserve | 2026-04-16 | 7.5 High |
| Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. | ||||
| CVE-2004-1002 | 2 Canonical, Samba | 2 Ubuntu Linux, Ppp | 2026-04-16 | 7.5 High |
| Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. | ||||