Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1478 | 1 Caldera | 2 Openunix, Unixware | 2026-06-16 | 7.2 HIGH | N/A |
| Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code. | |||||
| CVE-2001-1477 | 1 Bea | 1 Tuxedo | 2026-06-16 | 4.6 MEDIUM | N/A |
| The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. | |||||
| CVE-2001-1476 | 1 Ssh | 1 Ssh | 2026-06-16 | 7.5 HIGH | N/A |
| SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2026-06-16 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2026-06-16 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2026-06-16 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
| CVE-2001-1470 | 1 Ssh | 1 Ssh | 2026-06-16 | 5.0 MEDIUM | N/A |
| The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message. | |||||
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2026-06-16 | 5.0 MEDIUM | N/A |
| The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. | |||||
| CVE-2001-1468 | 1 Secure Reality | 1 Phpsecurepages | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2001-1467 | 1 Don Libes | 1 Expect | 2026-06-16 | 7.5 HIGH | N/A |
| mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. | |||||
| CVE-2001-1466 | 1 Van Dyke Technologies | 1 Securecrt | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2001-1465 | 1 Surfcontrol | 1 Superscout Web Filter | 2026-06-16 | 4.6 MEDIUM | N/A |
| SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. | |||||
| CVE-2001-1464 | 1 Businessobjects | 1 Crystal Reports | 2026-06-16 | 7.5 HIGH | N/A |
| Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. | |||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2026-06-16 | 7.5 HIGH | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2026-06-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2001-1460 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. | |||||
| CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2026-06-16 | 7.5 HIGH | N/A |
| OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||||
| CVE-2001-1458 | 1 Novell | 1 Groupwise | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
| CVE-2001-1457 | 1 Nobreak Technologies | 1 Crazywwwboard | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. | |||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2026-06-16 | 7.5 HIGH | N/A |
| Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. | |||||
