Total
32110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1308 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. | |||||
| CVE-2003-1551 | 1 Novell | 1 Groupwise | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." | |||||
| CVE-2004-2758 | 1 Sun | 1 Sunforum | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | |||||
| CVE-2006-0258 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. | |||||
| CVE-2005-0654 | 1 Gimp | 1 Gimp | 2025-04-03 | 5.0 MEDIUM | N/A |
| gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero. | |||||
| CVE-2006-0289 | 1 Oracle | 2 Application Server, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal. | |||||
| CVE-2006-0022 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. | |||||
| CVE-2006-3728 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption." | |||||
| CVE-2005-2273 | 1 Opera | 1 Opera Browser | 2025-04-03 | 2.6 LOW | N/A |
| Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2006-0367 | 1 Cisco | 1 Call Manager | 2025-04-03 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page." | |||||
| CVE-2006-3629 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2006-3016 | 1 Php Group | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
| Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | |||||
| CVE-2005-4273 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. | |||||
| CVE-2006-3660 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different. | |||||
| CVE-2006-1876 | 1 Oracle | 1 Database Server | 2025-04-03 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package. | |||||
| CVE-2003-1361 | 2 Ibm, Veritas | 2 Tivoli Storage Manager, Bare Metal Restore | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server. | |||||
| CVE-2005-3627 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.5 HIGH | N/A |
| Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. | |||||
| CVE-2004-0589 | 1 Cisco | 1 Ios | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages. | |||||
| CVE-2004-2705 | 1 Pvpgn | 1 Pvpgn | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets. | |||||
| CVE-2006-3745 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. | |||||