Export limit exceeded: 29944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2871 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||||
| CVE-2005-2872 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. | ||||
| CVE-2005-2873 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872. | ||||
| CVE-2005-2874 | 2 Easy Software Products, Redhat | 2 Cups, Enterprise Linux | 2025-04-03 | N/A |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | ||||
| CVE-2005-2875 | 1 Py2play | 1 Py2play | 2025-04-03 | N/A |
| Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. | ||||
| CVE-2005-2876 | 2 Andries Brouwer, Redhat | 2 Util-linux, Enterprise Linux | 2025-04-03 | N/A |
| umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. | ||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2025-04-03 | N/A |
| The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | ||||
| CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2025-04-03 | N/A |
| Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | ||||
| CVE-2005-2879 | 1 Advansysperu Software | 1 Usb Lock Auto-protect | 2025-04-03 | N/A |
| Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection. | ||||
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | ||||
| CVE-2005-2881 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | N/A |
| phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | ||||
| CVE-2005-2882 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. | ||||
| CVE-2005-3171 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | ||||
| CVE-2005-3172 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. | ||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | ||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | ||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | ||||
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | ||||
| CVE-2005-3177 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
| CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | ||||
| CVE-2005-3178 | 3 Redhat, Xli, Xloadimage | 3 Enterprise Linux, Xli, Xloadimage | 2025-04-03 | N/A |
| Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. | ||||