| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. |
| Buffer overflow in NIS+, in Sun's rpc.nisd program. |
| Denial of service in Savant web server via a null character in the requested URL. |
| Buffer overflow in HP-UX newgrp program. |
| The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. |
| HP Remote Watch allows a remote user to gain root access. |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| fpkg2swpk in HP-UX allows local users to gain root access. |
| Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable. |
| A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| A NETBIOS/SMB share password is guessable. |
| HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging. |
| Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. |
| nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
| Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. |
| Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges. |
| Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. |
| Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. |
| Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. |
| The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. |
