Export limit exceeded: 344940 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344940 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||||
| CVE-2002-0076 | 3 Hp, Microsoft, Sun | 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more | 2026-04-16 | N/A |
| Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | ||||
| CVE-2002-0077 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | ||||
| CVE-2002-0078 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | ||||
| CVE-2002-0079 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | ||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2026-04-16 | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | ||||
| CVE-2002-0082 | 3 Apache-ssl, Mod Ssl, Redhat | 5 Apache-ssl, Mod Ssl, Linux and 2 more | 2026-04-16 | N/A |
| The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. | ||||
| CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2026-04-16 | 9.8 Critical |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | ||||
| CVE-2002-0084 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. | ||||
| CVE-2002-0085 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request. | ||||
| CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | ||||
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2026-04-16 | N/A |
| bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2002-0088 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. | ||||
| CVE-2002-0410 | 1 Aeromail | 1 Aeromail | 2026-04-16 | N/A |
| send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded. | ||||
| CVE-2001-0888 | 3 Atmel, Linksys, Netgear | 3 Firmware, Wap11, Me102 | 2026-04-16 | N/A |
| Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | ||||
| CVE-2001-0889 | 2 Redhat, University Of Cambridge | 3 Linux, Powertools, Exim | 2026-04-16 | N/A |
| Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2002-0411 | 1 Aeromail | 1 Aeromail | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. | ||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2026-04-16 | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | ||||
| CVE-2002-0412 | 1 Luca Deri | 1 Ntop | 2026-04-16 | N/A |
| Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. | ||||
| CVE-2001-0945 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. | ||||