Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2700 4 Apache, Canonical, Debian and 1 more 6 Http Server, Ubuntu Linux, Debian Linux and 3 more 2026-04-16 N/A
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVE-2000-0584 2 Debian, Freebsd 2 Debian Linux, Freebsd 2026-04-16 N/A
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
CVE-2005-2557 3 Debian, Gentoo, Mantis 3 Debian Linux, Linux, Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
CVE-2002-1232 3 Debian, Hp, Redhat 4 Debian Linux, Secure Os, Enterprise Linux and 1 more 2026-04-16 N/A
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
CVE-2005-2555 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
CVE-2005-2498 3 Debian, Gggeek, Redhat 3 Debian Linux, Phpxmlrpc, Enterprise Linux 2026-04-16 N/A
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
CVE-2002-0912 1 Debian 1 Debian Linux 2026-04-16 N/A
in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.
CVE-2005-2459 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-16 N/A
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
CVE-2000-0513 1 Debian 1 Debian Linux 2026-04-16 N/A
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
CVE-1999-0978 1 Debian 1 Debian Linux 2026-04-16 N/A
htdig allows remote attackers to execute commands via filenames with shell metacharacters.
CVE-2005-2456 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-04-16 5.5 Medium
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
CVE-2002-0875 3 Debian, Redhat, Sgi 4 Debian Linux, Enterprise Linux, Fam and 1 more 2026-04-16 N/A
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.
CVE-1999-0038 7 Bsdi, Data General, Debian and 4 more 9 Bsd Os, Dg Ux, Debian Linux and 6 more 2026-04-16 8.4 High
Buffer overflow in xlock program allows local users to execute commands as root.
CVE-2002-0839 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2026-04-16 N/A
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
CVE-2005-2088 3 Apache, Debian, Redhat 3 Http Server, Debian Linux, Enterprise Linux 2026-04-16 N/A
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2000-0512 1 Debian 1 Debian Linux 2026-04-16 N/A
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.
CVE-2005-1921 6 Debian, Drupal, Gggeek and 3 more 6 Debian Linux, Drupal, Phpxmlrpc and 3 more 2026-04-16 N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-1999-0939 1 Debian 1 Debian Linux 2026-04-16 N/A
Denial of service in Debian IRC Epic/epic4 client via a long string.
CVE-2005-1920 3 Debian, Kde, Redhat 3 Debian Linux, Kde, Enterprise Linux 2026-04-16 7.5 High
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVE-2002-0401 3 Debian, Ethereal, Redhat 4 Debian Linux, Ethereal, Linux and 1 more 2026-04-16 7.5 High
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.