Export limit exceeded: 25410 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0078 | 4 Freebsd, Openbsd, Openssl and 1 more | 6 Freebsd, Openbsd, Openssl and 3 more | 2026-04-16 | N/A |
| ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | ||||
| CVE-2003-0190 | 4 Openbsd, Openpkg, Redhat and 1 more | 8 Openssh, Openpkg, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. | ||||
| CVE-2003-1003 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2026-04-16 | N/A |
| Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | ||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | ||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | ||||
| CVE-2004-0244 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. | ||||
| CVE-2004-0276 | 1 Monkey-project | 1 Monkey | 2026-04-16 | N/A |
| The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | ||||
| CVE-2004-0294 | 1 Yabbforumsoftware | 1 Yet Another Bulletin Board | 2026-04-16 | N/A |
| YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. | ||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2026-04-16 | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | ||||
| CVE-2004-1386 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. | ||||
| CVE-2004-2150 | 1 Nettica | 1 Intellipeer Email Server | 2026-04-16 | N/A |
| Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. | ||||
| CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2026-04-16 | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | ||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | ||||
| CVE-2005-0200 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | ||||
| CVE-2005-0209 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments. | ||||
| CVE-2005-1330 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. | ||||
| CVE-2005-1398 | 1 Phpcart | 1 Phpcart | 2026-04-16 | N/A |
| phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected. | ||||
| CVE-2005-2177 | 2 Net-snmp, Redhat | 2 Net-snmp, Enterprise Linux | 2026-04-16 | N/A |
| Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | ||||
| CVE-2005-3055 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | ||||
| CVE-2005-3088 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-16 | N/A |
| fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. | ||||