Export limit exceeded: 362074 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362074 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1225 | 1 Kth | 1 Heimdal | 2026-04-16 | N/A |
| Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | ||||
| CVE-2002-1223 | 2 Kde, Redhat | 2 Kde, Linux | 2026-04-16 | N/A |
| Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | ||||
| CVE-2004-0841 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2026-04-16 | N/A |
| Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." | ||||
| CVE-2005-2643 | 1 Tor | 1 Tor | 2026-04-16 | N/A |
| Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. | ||||
| CVE-2002-1222 | 1 Cisco | 1 Catos | 2026-04-16 | N/A |
| Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. | ||||
| CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2026-04-16 | N/A |
| popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. | ||||
| CVE-2005-2885 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | ||||
| CVE-2005-2642 | 1 Mutt | 1 Mutt | 2026-04-16 | N/A |
| Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. | ||||
| CVE-2002-1221 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2026-04-16 | N/A |
| BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | ||||
| CVE-1999-1592 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | ||||
| CVE-2002-1219 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2026-04-16 | N/A |
| Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | ||||
| CVE-2002-1217 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. | ||||
| CVE-2001-0277 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. | ||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | ||||
| CVE-2002-1200 | 1 Oneidentity | 1 Syslog-ng | 2026-04-16 | N/A |
| Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2026-04-16 | N/A |
| Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | ||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | ||||
| CVE-2004-2651 | 1 Michael Christen | 1 Yacy | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html. | ||||
| CVE-2004-2652 | 1 Sourcefire | 1 Snort | 2026-04-16 | N/A |
| The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference. | ||||
| CVE-2004-2656 | 1 Open Source Development Network | 1 Slashcode | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl. | ||||