| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. |
| ACC Tigris allows public access without a login. |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |
| The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. |
| Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. |
| DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. |
| Buffer overflow in the bootp server in the Debian Linux netstd package. |
| Buffer overflow in Dosemu Slang library in Linux. |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. |
| Buffer overflow in Thomas Boutell's cgic library version up to 1.05. |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
| DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. |
| A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. |
| A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. |
| The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext. |
| In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. |
| The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. |
| A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
