Export limit exceeded: 43538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | ||||
| CVE-2005-3962 | 2 Perl, Redhat | 2 Perl, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | ||||
| CVE-1999-0038 | 7 Bsdi, Data General, Debian and 4 more | 9 Bsd Os, Dg Ux, Debian Linux and 6 more | 2026-04-16 | 8.4 High |
| Buffer overflow in xlock program allows local users to execute commands as root. | ||||
| CVE-2001-1582 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap. | ||||
| CVE-2005-4840 | 1 Microsoft | 2 Internet Explorer, Outlook Express Book Control | 2026-04-16 | N/A |
| The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | ||||
| CVE-2004-2731 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function. | ||||
| CVE-2003-0252 | 2 Linux-nfs, Redhat | 3 Nfs-utils, Enterprise Linux, Linux | 2026-04-16 | 9.8 Critical |
| Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | ||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2026-04-16 | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
| CVE-2006-3582 | 1 Audacious Media Player Team | 1 Adplug | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files. | ||||
| CVE-2006-0705 | 2 Attachmatewrq, F-secure | 2 Reflection For Secure It Server, F-secure Ssh Server | 2026-04-16 | N/A |
| Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | ||||
| CVE-2005-4845 | 1 Sun | 1 Java Plug-in | 2026-04-16 | N/A |
| The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | ||||
| CVE-2005-3656 | 2 Guiseppe Tanzilli And Matthias Eckermann, Redhat | 2 Mod Auth Pgsql, Enterprise Linux | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username. | ||||
| CVE-1999-0656 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | ||||
| CVE-2005-4848 | 1 Rim | 1 Blackberry Enterprise Server | 2026-04-16 | N/A |
| Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets. | ||||
| CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | ||||
| CVE-2005-3154 | 1 Softwin | 1 Bitdefender | 2026-04-16 | N/A |
| Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. | ||||
| CVE-2003-0227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. | ||||
| CVE-2006-4326 | 1 Justsystem | 3 Formliner, Ichitaro, Ichitaro Government | 2026-04-16 | N/A |
| Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information. | ||||
| CVE-2003-0218 | 1 Monkey-project | 1 Monkey | 2026-04-16 | N/A |
| Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. | ||||
| CVE-2001-0803 | 1 Open Group | 1 Cde Common Desktop Environment | 2026-04-16 | N/A |
| Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. | ||||