Export limit exceeded: 344962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0921 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2026-04-16 | N/A |
| AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. | ||||
| CVE-2004-0922 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2026-04-16 | N/A |
| AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. | ||||
| CVE-2004-0923 | 3 Apple, Easy Software Products, Redhat | 4 Mac Os X, Mac Os X Server, Cups and 1 more | 2026-04-16 | N/A |
| CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. | ||||
| CVE-2004-0924 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2026-04-16 | N/A |
| NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. | ||||
| CVE-2004-0925 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate. | ||||
| CVE-2004-0926 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2026-04-16 | N/A |
| Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image. | ||||
| CVE-2004-0927 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2026-04-16 | N/A |
| ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. | ||||
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. | ||||
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2026-04-16 | N/A |
| McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | ||||
| CVE-2004-0938 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2026-04-16 | N/A |
| FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. | ||||
| CVE-2004-0939 | 1 Neoteris | 1 Instant Virtual Extranet | 2026-04-16 | N/A |
| changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2004-0940 | 7 Apache, Hp, Openpkg and 4 more | 9 Http Server, Hp-ux, Openpkg and 6 more | 2026-04-16 | 7.8 High |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | ||||
| CVE-2004-0946 | 2 Nfs, Redhat | 3 Nfs-utils, Enterprise Linux, Enterprise Linux Desktop | 2026-04-16 | N/A |
| rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. | ||||
| CVE-2004-0947 | 4 Arj Software Inc., Gentoo, Redhat and 1 more | 4 Unarj, Linux, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | ||||
| CVE-2004-0950 | 1 Danware Data | 1 Netop | 2026-04-16 | N/A |
| NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request. | ||||
| CVE-2004-0951 | 1 Hp | 1 Ignite-ux | 2026-04-16 | N/A |
| The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2004-0952 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. | ||||
| CVE-2004-0953 | 1 Jabber Software Foundation | 1 Jabber Server | 2026-04-16 | N/A |
| Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username. | ||||
| CVE-2004-0957 | 6 Openpkg, Oracle, Redhat and 3 more | 8 Openpkg, Mysql, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | ||||
| CVE-2004-0959 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified. | ||||