Vulnerabilities (CVE)

Total 363297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2453 1 Dia 1 Dia 2026-06-16 7.5 HIGH N/A
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
CVE-2006-2452 1 Gnome 1 Gdm 2026-06-16 3.7 LOW N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2006-2451 1 Linux 1 Linux Kernel 2026-06-16 4.6 MEDIUM N/A
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2006-2450 1 Libvncserver 1 Libvncserver 2026-06-16 7.5 HIGH N/A
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
CVE-2006-2449 1 Kde 1 Kde 2026-06-16 4.0 MEDIUM N/A
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2448 1 Linux 1 Linux Kernel 2026-06-16 5.6 MEDIUM N/A
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
CVE-2006-2447 1 Apache 1 Spamassassin 2026-06-16 5.1 MEDIUM N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2006-2446 1 Linux 1 Linux Kernel 2026-06-16 5.4 MEDIUM N/A
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
CVE-2006-2445 1 Linux 1 Linux Kernel 2026-06-16 4.0 MEDIUM N/A
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
CVE-2006-2444 1 Linux 1 Linux Kernel 2026-06-16 7.8 HIGH N/A
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
CVE-2006-2443 1 Knowledgetree 1 Knowledgetree 2026-06-16 4.6 MEDIUM N/A
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.
CVE-2006-2442 1 Kphone 1 Kphone 2026-06-16 4.6 MEDIUM N/A
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
CVE-2006-2441 1 Pioneers 1 Pioneers Meta-server 2026-06-16 5.0 MEDIUM N/A
Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.
CVE-2006-2440 1 Imagemagick 1 Imagemagick 2026-06-16 7.5 HIGH N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVE-2006-2439 1 Zipcentral 1 Zipcentral 2026-06-16 7.6 HIGH N/A
Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
CVE-2006-2438 1 Caucho Technology 1 Resin 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.
CVE-2006-2437 1 Caucho Technology 1 Resin 2026-06-16 5.0 MEDIUM N/A
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter.
CVE-2006-2436 1 Ibm 1 Websphere Application Server 2026-06-16 7.5 HIGH N/A
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
CVE-2006-2435 1 Ibm 1 Websphere Application Server 2026-06-16 6.4 MEDIUM N/A
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."
CVE-2006-2434 1 Ibm 1 Websphere Application Server 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.