Total
29854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0403 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-16 | 7.2 HIGH | N/A |
| init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. | |||||
| CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | 7.5 HIGH | N/A |
| Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | |||||
| CVE-2006-3622 | 1 Dream4 | 1 Koobi Pro | 2026-04-16 | 5.0 MEDIUM | N/A |
| The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error. | |||||
| CVE-2004-1834 | 1 Apache | 1 Http Server | 2026-04-16 | 2.1 LOW | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | |||||
| CVE-2005-4352 | 2 Linux, Netbsd | 2 Linux Kernel, Netbsd | 2026-04-16 | 2.1 LOW | N/A |
| The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." | |||||
| CVE-2003-1269 | 1 An | 1 An-http | 2026-04-16 | 5.0 MEDIUM | N/A |
| AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | |||||
| CVE-2001-0848 | 1 E-zone Media | 1 Fuse Talk | 2026-04-16 | 4.6 MEDIUM | N/A |
| join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. | |||||
| CVE-2004-0088 | 1 Apple | 1 Mac Os X | 2026-04-16 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. | |||||
| CVE-2005-3346 | 1 Osh | 1 Osh | 2026-04-16 | 7.2 HIGH | N/A |
| Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | |||||
| CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2026-04-16 | 7.5 HIGH | N/A |
| Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. | |||||
| CVE-2006-2046 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2026-04-16 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. | |||||
| CVE-2006-1754 | 1 Swsoft | 1 Confixx | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. | |||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2026-04-16 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | |||||
| CVE-2006-1088 | 1 Php-stats | 1 Php-stats | 2026-04-16 | 5.0 MEDIUM | N/A |
| PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | |||||
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. | |||||
| CVE-2004-2057 | 1 Xlinesoft | 1 Asprunner | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2005-0418 | 1 Sun | 1 J2se | 2026-04-16 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. | |||||
| CVE-2005-0624 | 1 Debian | 1 Reportbug | 2026-04-16 | 2.1 LOW | N/A |
| reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. | |||||
| CVE-2004-1137 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2026-04-16 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read. | |||||