Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345210 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2026-04-16 | N/A |
| Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | ||||
| CVE-2005-2964 | 1 Abisource | 1 Community Abiword | 2026-04-16 | N/A |
| Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | ||||
| CVE-2005-2966 | 1 Dia | 1 Dia | 2026-04-16 | N/A |
| The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. | ||||
| CVE-2005-3190 | 1 Broadcom | 1 Igateway | 2026-04-16 | N/A |
| Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. | ||||
| CVE-2005-2968 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | ||||
| CVE-2005-2969 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Network Satellite and 1 more | 2026-04-16 | N/A |
| The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | ||||
| CVE-2005-2971 | 1 Kde | 1 Koffice | 2026-04-16 | N/A |
| Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file. | ||||
| CVE-2005-3319 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. | ||||
| CVE-2005-3320 | 1 Siteturn | 1 Domain Manager Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script. | ||||
| CVE-2005-2972 | 1 Abisource | 1 Community Abiword | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964. | ||||
| CVE-2005-2973 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash). | ||||
| CVE-2005-2974 | 2 Libungif, Redhat | 2 Libungif, Enterprise Linux | 2026-04-16 | N/A |
| libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference. | ||||
| CVE-2005-2975 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2026-04-16 | N/A |
| io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. | ||||
| CVE-2005-2976 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. | ||||
| CVE-2005-2977 | 2 Pam, Redhat | 2 Pam, Enterprise Linux | 2026-04-16 | N/A |
| The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. | ||||
| CVE-2005-2978 | 2 Netpbm, Redhat | 2 Netpbm, Enterprise Linux | 2026-04-16 | N/A |
| pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. | ||||
| CVE-2005-3191 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. | ||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | ||||
| CVE-2005-2980 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter. | ||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | ||||