Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0418 6 Cvs, Gentoo, Openbsd and 3 more 6 Cvs, Linux, Openbsd and 3 more 2026-04-16 N/A
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
CVE-2004-0419 4 Gentoo, Redhat, X.org and 1 more 4 Linux, Enterprise Linux, X11r6 and 1 more 2026-04-16 N/A
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
CVE-2004-0420 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
CVE-2004-0421 4 Libpng, Openpkg, Redhat and 1 more 7 Libpng, Openpkg, Enterprise Linux and 4 more 2026-04-16 N/A
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
CVE-2004-0422 2 Gnu, Redhat 2 Flim, Enterprise Linux 2026-04-16 N/A
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
CVE-2004-0423 1 Ssmtp 1 Ssmtp 2026-04-16 N/A
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
CVE-2004-0424 4 Linux, Redhat, Sgi and 1 more 4 Linux Kernel, Enterprise Linux, Propack and 1 more 2026-04-16 N/A
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
CVE-2004-0425 1 Netegrity 1 Sideminder Affiliate Agent 2026-04-16 N/A
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.
CVE-2004-0426 2 Andrew Tridgell, Redhat 2 Rsync, Enterprise Linux 2026-04-16 N/A
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
CVE-2003-1512 1 Khaled Mardam-bey 1 Mirc 2026-04-16 N/A
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
CVE-2003-1513 1 Caucho Technology 1 Resin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
CVE-2003-1514 1 Emule 1 Emule 2026-04-16 N/A
eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.
CVE-2003-1515 1 Origo 2 Asr-8100, Asr-8400 2026-04-16 N/A
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
CVE-2003-1516 1 Sun 1 Java Plug-in 2026-04-16 N/A
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
CVE-2003-1517 1 Dansie 1 Shopping Cart 2026-04-16 N/A
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
CVE-2003-1518 1 Adiscon 1 Winsyslog 2026-04-16 N/A
Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
CVE-2003-1519 1 Vivisimo 1 Clustering Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
CVE-2003-1520 1 Fuzzymonkey 1 Myclassifieds 2026-04-16 N/A
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2003-1521 1 Sun 1 Java Plug-in 2026-04-16 N/A
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
CVE-2003-1522 1 Pscs 1 Vpop3 Web Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.