Search Results (124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2003-0196 6 Compaq, Hp, Redhat and 3 more 9 Tru64, Cifs-9000 Server, Hp-ux and 6 more 2026-04-16 N/A
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVE-1999-0128 5 Digital, Ibm, Linux and 2 more 9 Osf 1, Aix, Sng and 6 more 2026-04-16 N/A
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVE-1999-0513 7 Digital, Freebsd, Hp and 4 more 8 Unix, Freebsd, Hp-ux and 5 more 2026-04-16 N/A
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-1999-0502 3 Hp, Redhat, Sun 4 Hp-ux, Linux, Solaris and 1 more 2026-04-16 N/A
A Unix account has a default, null, blank, or missing password.
CVE-1999-0868 5 Isc, Nec, Netscape and 2 more 6 Inn, Goah Intrasv, Goah Networksv and 3 more 2026-04-16 N/A
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
CVE-2003-1437 6 Bea, Hp, Ibm and 3 more 8 Weblogic Server, Hp-ux, Aix and 5 more 2026-04-16 N/A
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
CVE-2001-0554 10 Debian, Freebsd, Ibm and 7 more 12 Debian Linux, Freebsd, Aix and 9 more 2026-04-16 N/A
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVE-1999-0009 11 Bsdi, Caldera, Data General and 8 more 13 Bsd Os, Openlinux, Dg Ux and 10 more 2026-04-16 N/A
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-2000-0118 2 Redhat, Sun 3 Linux, Solaris, Sunos 2026-04-16 N/A
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVE-2003-0058 3 Mit, Redhat, Sun 6 Kerberos 5, Enterprise Linux, Linux and 3 more 2026-04-16 N/A
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2001-1244 7 Freebsd, Hp, Linux and 4 more 9 Freebsd, Hp-ux, Vvos and 6 more 2026-04-16 N/A
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
CVE-2003-0161 5 Compaq, Hp, Redhat and 2 more 11 Tru64, Hp-ux, Hp-ux Series 700 and 8 more 2026-04-16 N/A
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
CVE-2004-1307 11 Apple, Avaya, Conectiva and 8 more 20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more 2026-04-16 N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVE-2002-1323 5 Redhat, Safe.pm, Sco and 2 more 10 Enterprise Linux, Linux, Linux Advanced Workstation and 7 more 2026-04-16 N/A
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
CVE-2003-0028 11 Cray, Freebsd, Gnu and 8 more 15 Unicos, Freebsd, Glibc and 12 more 2026-04-16 N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-1999-0011 8 Data General, Ibm, Isc and 5 more 11 Dg Ux, Aix, Bind and 8 more 2026-04-16 5.4 Medium
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-2000-0844 13 Caldera, Conectiva, Debian and 10 more 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more 2026-04-16 N/A
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-2004-1029 5 Conectiva, Gentoo, Hp and 2 more 8 Linux, Linux, Hp-ux and 5 more 2026-04-16 N/A
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.