Export limit exceeded: 23201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0840 | 3 Apache, Oracle, Redhat | 9 Http Server, Application Server, Database Server and 6 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | ||||
| CVE-2002-0843 | 3 Apache, Oracle, Redhat | 8 Http Server, Application Server, Database Server and 5 more | 2025-04-03 | N/A |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | ||||
| CVE-2002-0844 | 2 Distrotech, Redhat | 2 Cvs, Enterprise Linux | 2025-04-03 | 7.8 High |
| Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | ||||
| CVE-2002-0846 | 2 Macromedia, Redhat | 3 Shockwave Flash, Enterprise Linux, Linux | 2025-04-03 | N/A |
| The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | ||||
| CVE-2002-0855 | 2 Gnu, Redhat | 5 Mailman, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | ||||
| CVE-2002-0871 | 2 Redhat, Xinetd | 2 Linux, Xinetd | 2025-04-03 | N/A |
| xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. | ||||
| CVE-2002-0874 | 1 Redhat | 1 Interchange | 2025-04-03 | N/A |
| Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files. | ||||
| CVE-2002-0875 | 3 Debian, Redhat, Sgi | 4 Debian Linux, Enterprise Linux, Fam and 1 more | 2025-04-03 | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | ||||
| CVE-2002-0970 | 2 Kde, Redhat | 4 Kde, Konqueror, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | ||||
| CVE-2002-0972 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. | ||||
| CVE-2002-0985 | 3 Openpkg, Php, Redhat | 6 Openpkg, Php, Enterprise Linux and 3 more | 2025-04-03 | N/A |
| Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | ||||
| CVE-2002-0986 | 2 Php, Redhat | 5 Php, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | ||||
| CVE-2002-0989 | 2 Redhat, Rob Flynn | 4 Enterprise Linux, Linux, Powertools and 1 more | 2025-04-03 | N/A |
| The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. | ||||
| CVE-2002-1090 | 2 Libesmtp, Redhat | 3 Libesmtp, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses. | ||||
| CVE-2002-1091 | 4 Mozilla, Netscape, Opera Software and 1 more | 5 Mozilla, Navigator, Opera Web Browser and 2 more | 2025-04-03 | N/A |
| Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | ||||
| CVE-2002-1119 | 2 Python, Redhat | 3 Python, Enterprise Linux, Linux | 2025-04-03 | N/A |
| os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. | ||||
| CVE-2002-1126 | 3 Galeon, Mozilla, Redhat | 4 Galeon Browser, Mozilla, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. | ||||
| CVE-2002-1131 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | ||||
| CVE-2002-1132 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2025-04-03 | N/A |
| SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | ||||
| CVE-2002-1146 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Linux | 2025-04-03 | N/A |
| The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). | ||||