Export limit exceeded: 363526 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363526 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0695 1 Microsoft 2 Data Access Components, Microsoft Data Access Components 2026-04-16 N/A
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
CVE-2002-0700 1 Microsoft 1 Content Management Server 2026-04-16 N/A
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
CVE-2001-1377 12 Freeradius, Gnu, Icradius and 9 more 12 Freeradius, Radius, Icradius and 9 more 2026-04-16 N/A
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVE-2001-1382 1 Openbsd 1 Openssh 2026-04-16 N/A
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVE-2002-0701 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2026-04-16 N/A
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
CVE-2001-1384 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
CVE-2001-1393 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
CVE-2001-1400 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
CVE-2006-1854 1 Bluepay 1 Bluepay Manager 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute
CVE-2006-2241 1 Ftrainsoft 1 Fast Click 2026-04-16 N/A
PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175.
CVE-2001-1401 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
CVE-2002-0710 1 Rod Clark 1 Sendform.cgi 2026-04-16 N/A
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
CVE-2001-1402 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
CVE-2001-1406 2 Mozilla, Redhat 2 Bugzilla, Powertools 2026-04-16 N/A
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
CVE-2002-0713 2 Redhat, Squid 3 Enterprise Linux, Linux, Squid 2026-04-16 N/A
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
CVE-2001-1409 2 Redhat, Xfree86 Project 3 Enterprise Linux, Linux, Xfree86 X Server 2026-04-16 N/A
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
CVE-2001-1410 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
CVE-2002-0715 2 Redhat, Squid 3 Enterprise Linux, Linux, Squid 2026-04-16 N/A
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
CVE-2001-1413 2 Ncompress, Redhat 2 Ncompress, Enterprise Linux 2026-04-16 N/A
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
CVE-2001-1418 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.