| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. |
| In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. |
| Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. |
| Local users can gain privileges using the debug utility in the MPE/iX operating system. |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. |
| dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. |
| Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. |
| A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso. |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. |
| Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
| Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
| Denial of service in "poll" in OpenBSD. |
| Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. |
| A trust relationship exists between two Unix hosts. |
| The Windows NT guest account is enabled. |
