Total: 359722 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | |||||
| CVE-2006-0062 | 1 Sillycycle | 1 Xlockmore | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | |||||
| CVE-2006-0061 | 1 Sillycycle | 1 Xlockmore | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | |||||
| CVE-2006-0059 | 1 Livedata | 1 Iccp Server | 2026-06-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | |||||
| CVE-2006-0058 | 1 Sendmail | 1 Sendmail | 2026-06-16 | 7.6 HIGH | N/A |
| Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | |||||
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-06-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | |||||
| CVE-2006-0056 | 1 Pam-mysql | 1 Pam-mysql | 2026-06-16 | 7.5 HIGH | N/A |
| Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL. | |||||
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2026-06-16 | 2.1 LOW | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
| CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2026-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | |||||
| CVE-2006-0053 | 1 Tony Cook | 1 Imager | 2026-06-16 | 2.6 LOW | N/A |
| Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference. | |||||
| CVE-2006-0052 | 1 Gnu | 1 Mailman | 2026-06-16 | 5.0 MEDIUM | N/A |
| The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | |||||
| CVE-2006-0051 | 1 Kaffeine | 1 Kaffeine Player | 2026-06-16 | 5.1 MEDIUM | N/A |
| Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function. | |||||
| CVE-2006-0050 | 1 Debian | 1 Debian Linux | 2026-06-16 | 1.2 LOW | N/A |
| snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. | |||||
| CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2026-06-16 | 5.0 MEDIUM | N/A |
| gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | |||||
| CVE-2006-0048 | 1 Francesco Stablum | 1 Tcpick | 2026-06-16 | 5.0 MEDIUM | N/A |
| Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread. | |||||
| CVE-2006-0047 | 1 Freeciv | 1 Freeciv | 2026-06-16 | 5.0 MEDIUM | N/A |
| packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values. | |||||
| CVE-2006-0046 | 1 Cameron Simpson | 1 Adzapper | 2026-06-16 | 7.8 HIGH | N/A |
| squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions. | |||||
| CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2026-06-16 | 7.2 HIGH | N/A |
| crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | |||||
| CVE-2006-0044 | 1 Albatross | 1 Albatross | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields". | |||||
| CVE-2006-0043 | 1 Suse | 1 Suse Linux | 2026-06-16 | 4.6 MEDIUM | N/A |
| Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. | |||||
