Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0392 1 Kame 1 Racoon 2026-04-16 N/A
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
CVE-2004-0402 2 Mandrakesoft, Xpcd 2 Mandrake Linux, Xpcd 2026-04-16 N/A
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
CVE-2004-0423 1 Ssmtp 1 Ssmtp 2026-04-16 N/A
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
CVE-2005-3255 1 Nathan Neulinger 1 Cgiwrap 2026-04-16 N/A
The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.
CVE-2004-0425 1 Netegrity 1 Sideminder Affiliate Agent 2026-04-16 N/A
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.
CVE-2005-3256 1 Enigmail 1 Enigmail 2026-04-16 N/A
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
CVE-2004-0426 2 Andrew Tridgell, Redhat 2 Rsync, Enterprise Linux 2026-04-16 N/A
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
CVE-2005-3260 1 Versatilebulletinboard 1 Versatilebulletinboard 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.
CVE-2004-0435 1 Freebsd 1 Freebsd 2026-04-16 N/A
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
CVE-2004-0437 1 South River Technologies 1 Titan Ftp Server 2026-04-16 N/A
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
CVE-2004-0448 1 Jftpgw 1 Jftpgw 2026-04-16 N/A
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
CVE-2005-3272 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
CVE-2004-0452 2 Larry Wall, Redhat 2 Perl, Enterprise Linux 2026-04-16 N/A
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
CVE-2004-0453 1 Vice 1 Vice 2026-04-16 N/A
Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.
CVE-2005-3278 1 Jan Kybic 1 Bitmap Viewer 2026-04-16 N/A
Integer overflow in the openpsfile function in gsinterf.c for Jan Kybic BitMap Viewer (BMV) 1.2 allows local users to execute arbitrary code via a PostScript (PS) file containing a large number of pages value, which leads to a resultant buffer overflow.
CVE-2005-3296 1 Hp 1 Hp-ux 2026-04-16 N/A
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
CVE-2005-3378 1 Norman 1 Norman Virus Control 2026-04-16 N/A
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2003-1028 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
CVE-2004-0535 7 Conectiva, Engardelinux, Gentoo and 4 more 18 Linux, Secure Community, Secure Linux and 15 more 2026-04-16 N/A
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
CVE-2004-0536 2 Redhat, Tripwire 2 Enterprise Linux, Tripwire 2026-04-16 N/A
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.