| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command. |
| Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH). |
| Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. |
| Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. |
| The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers. |
| Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). |
| Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. |
| Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. |
| The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory. |
| Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability. |
| Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. |
| Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. |
| Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. |
| Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. |
| inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services. |
| Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts. |
| SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. |
