Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0818 | 1 Wwwoffle | 1 Wwwoffle | 2026-06-16 | 7.5 HIGH | N/A |
| wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. | |||||
| CVE-2002-0817 | 1 William Deich | 1 Super | 2026-06-16 | 7.2 HIGH | N/A |
| Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2002-0816 | 1 Compaq | 1 Tru64 | 2026-06-16 | 7.2 HIGH | N/A |
| Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. | |||||
| CVE-2002-0815 | 3 Microsoft, Mozilla, Netscape | 3 Internet Explorer, Mozilla, Navigator | 2026-06-16 | 7.5 HIGH | N/A |
| The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | |||||
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | |||||
| CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
| CVE-2002-0810 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 5.0 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | |||||
| CVE-2002-0809 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | |||||
| CVE-2002-0808 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | |||||
| CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
| CVE-2002-0806 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 2.1 LOW | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | |||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 4.6 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
| CVE-2002-0804 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | |||||
| CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 5.0 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | |||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2026-06-16 | 7.5 HIGH | N/A |
| The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
| CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2026-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. | |||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2026-06-16 | 5.0 MEDIUM | N/A |
| BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||||
| CVE-2002-0799 | 1 Youngzsoft | 1 Cmailserver | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | |||||
| CVE-2002-0798 | 1 Hp | 1 Hp-ux | 2026-06-16 | 2.1 LOW | N/A |
| Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service. | |||||
| CVE-2002-0797 | 1 Sun | 2 Solaris, Sunos | 2026-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | |||||