| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824. |
| Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. |
| The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. |
| Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. |
| Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. |
| Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. |
| dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. |
| wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script. |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. |
| Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. |
| The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. |
| tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free). |
| Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. |
| Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. |
| Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. |
| Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. |
| Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies. |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. |
