Export limit exceeded: 346703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2088 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2026-04-16 | N/A |
| The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2002-0169 | 1 Redhat | 3 Docbook Stylesheets, Docbook Utils, Linux | 2026-04-16 | N/A |
| The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. | ||||
| CVE-2002-0166 | 2 Redhat, Stephen Turner | 2 Powertools, Analog | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. | ||||
| CVE-2002-0164 | 2 Caldera, Redhat | 4 Openlinux Server, Openlinux Workstation, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | ||||
| CVE-2002-0162 | 2 Logwatch, Redhat | 3 Logwatch, Linux, Powertools | 2026-04-16 | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | ||||
| CVE-2002-0157 | 2 Eazel, Redhat | 2 Nautilus, Linux | 2026-04-16 | N/A |
| Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file. | ||||
| CVE-2002-0146 | 2 Fetchmail, Redhat | 2 Fetchmail, Linux | 2026-04-16 | N/A |
| fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | ||||
| CVE-2002-0092 | 2 Cvs, Redhat | 2 Cvs, Linux | 2026-04-16 | N/A |
| CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. | ||||
| CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2026-04-16 | 9.8 Critical |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | ||||
| CVE-2002-0082 | 3 Apache-ssl, Mod Ssl, Redhat | 5 Apache-ssl, Mod Ssl, Linux and 2 more | 2026-04-16 | N/A |
| The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. | ||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2026-04-16 | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | ||||
| CVE-2002-0069 | 2 Redhat, Squid | 2 Linux, Squid | 2026-04-16 | N/A |
| Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service. | ||||
| CVE-2002-0068 | 2 Redhat, Squid | 2 Linux, Squid | 2026-04-16 | N/A |
| Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | ||||
| CVE-2002-0067 | 2 Redhat, Squid | 2 Linux, Squid | 2026-04-16 | N/A |
| Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2002-0062 | 5 Debian, Freebsd, Gnu and 2 more | 5 Debian Linux, Freebsd, Ncurses and 2 more | 2026-04-16 | N/A |
| Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | ||||
| CVE-2002-0060 | 2 Linux, Redhat | 2 Linux Kernel, Linux | 2026-04-16 | N/A |
| IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. | ||||
| CVE-2002-0059 | 2 Redhat, Zlib | 3 Linux, Powertools, Zlib | 2026-04-16 | 9.8 Critical |
| The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | ||||
| CVE-2002-0047 | 2 Olaf Titz, Redhat | 2 Cipe, Linux | 2026-04-16 | N/A |
| CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. | ||||
| CVE-2002-0046 | 2 Linux, Redhat | 2 Linux Kernel, Linux | 2026-04-16 | N/A |
| Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. | ||||
| CVE-2002-0045 | 2 Openldap, Redhat | 2 Openldap, Linux | 2026-04-16 | N/A |
| slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. | ||||