Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1185 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-06-16 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | |||||
| CVE-2002-1184 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-06-16 | 4.6 MEDIUM | N/A |
| The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | |||||
| CVE-2002-1183 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Nt | 2026-06-16 | 7.5 HIGH | N/A |
| Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | |||||
| CVE-2002-1182 | 1 Microsoft | 1 Internet Information Services | 2026-06-16 | 5.0 MEDIUM | N/A |
| IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | |||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. | |||||
| CVE-2002-1180 | 1 Microsoft | 1 Internet Information Services | 2026-06-16 | 7.5 HIGH | N/A |
| A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | |||||
| CVE-2002-1179 | 1 Microsoft | 1 Outlook Express | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. | |||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. | |||||
| CVE-2002-1177 | 1 Nullsoft | 1 Winamp | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. | |||||
| CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. | |||||
| CVE-2002-1170 | 1 Net-snmp | 1 Net-snmp | 2026-06-16 | 5.0 MEDIUM | N/A |
| The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. | |||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | |||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2002-1166 | 1 John Franks | 1 Wn Server | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2002-1165 | 2 Netbsd, Sendmail | 2 Netbsd, Sendmail | 2026-06-16 | 4.6 MEDIUM | N/A |
| Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. | |||||
| CVE-2002-1160 | 1 Redhat | 1 Linux | 2026-06-16 | 7.2 HIGH | N/A |
| The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. | |||||
| CVE-2002-1159 | 1 Canna | 1 Canna | 2026-06-16 | 6.4 MEDIUM | N/A |
| Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. | |||||
| CVE-2002-1158 | 1 Canna | 1 Canna | 2026-06-16 | 7.2 HIGH | N/A |
| Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. | |||||
| CVE-2002-1157 | 1 Mod Ssl | 1 Mod Ssl | 2026-06-16 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | |||||