Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 126215 entries
IDDescriptionPriorityModified dateFixed Release
CVE-1999-0095 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. HIGH Jun 11, 2019 n/a
CVE-1999-0145 Sendmail WIZ command enabled, allowing root access. HIGH Jun 11, 2019 n/a
CVE-1999-0199 manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree\'s root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. HIGH Oct 6, 2020 n/a
CVE-1999-1170 IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. MEDIUM Aug 13, 2019 n/a
CVE-1999-1171 IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. MEDIUM Aug 13, 2019 n/a
CVE-1999-1593 Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. High Jan 15, 2009 n/a
CVE-2000-1247 The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an allow from 127.0.0.1 line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. Low Oct 5, 2011 n/a
CVE-2001-1021 Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. HIGH Aug 13, 2019 n/a
CVE-2002-0390 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jul 21, 2019 n/a
CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. LOW Sep 5, 2008 n/a
CVE-2002-0826 Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. HIGH Aug 13, 2019 n/a
CVE-2002-2438 TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. MEDIUM May 18, 2021 n/a
CVE-2002-2439 Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. MEDIUM Oct 31, 2019 n/a
CVE-2002-2444 Snoopy before 2.0.0 has a security hole in exec cURL HIGH Oct 30, 2019 n/a
CVE-2002-20001 The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. MEDIUM Nov 12, 2021 n/a
CVE-2003-0367 znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. LOW May 23, 2019 n/a
CVE-2003-0772 Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. HIGH Aug 13, 2019 n/a
CVE-2003-1605 curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. MEDIUM Aug 23, 2018 n/a
CVE-2003-5001 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. HIGH Mar 29, 2022 n/a
CVE-2003-5002 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. MEDIUM Mar 29, 2022 n/a
CVE-2003-5003 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. MEDIUM Mar 29, 2022 n/a
CVE-2004-0281 Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for \"WEB-INF..\", which is equivalent to \"WEB-INF\" in Windows. MEDIUM Jun 12, 2019 n/a
CVE-2004-1179 The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. LOW Jul 31, 2019 n/a
CVE-2004-1643 WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a \"../\" sequence. MEDIUM Aug 13, 2019 n/a
CVE-2004-1848 Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. MEDIUM Aug 13, 2019 n/a
CVE-2004-1883 Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. HIGH Aug 13, 2019 n/a
CVE-2004-1884 Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. HIGH Aug 13, 2019 n/a
CVE-2004-1885 Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. HIGH Aug 13, 2019 n/a
CVE-2004-2776 go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. HIGH Jan 14, 2020 n/a
CVE-2004-2778 Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. -- Jun 27, 2017 n/a
CVE-2004-2779 id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). MEDIUM Feb 20, 2018 n/a
CVE-2005-0162 Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. HIGH Jul 29, 2019 n/a
CVE-2005-0563 Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (\"jav&#X41sc
ript:\") in an IMG tag. MEDIUM Jun 1, 2019 n/a
CVE-2005-0758 zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. MEDIUM Oct 16, 2019 n/a
CVE-2005-1028 PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. MEDIUM Jul 16, 2019 n/a
CVE-2005-2349 Zoo 2.10 has Directory traversal MEDIUM Oct 30, 2019 n/a
CVE-2005-2350 Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. MEDIUM Nov 4, 2019 n/a
CVE-2005-2351 Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. LOW Nov 13, 2019 n/a
CVE-2005-2352 I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. MEDIUM Nov 6, 2019 n/a
CVE-2005-2354 Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. HIGH Nov 8, 2019 n/a
CVE-2005-2969 The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. LOW Sep 30, 2016 n/a
CVE-2005-3056 TWiki allows arbitrary shell command execution via the Include function HIGH Nov 5, 2019 n/a
CVE-2005-3590 The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. High Apr 11, 2019 n/a
CVE-2005-3671 The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. HIGH Jul 29, 2019 n/a
CVE-2005-3979 relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. MEDIUM Jul 16, 2019 n/a
CVE-2005-4850 eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. MEDIUM Jul 31, 2019 n/a
CVE-2005-4851 eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. MEDIUM Jul 31, 2019 n/a
CVE-2005-4890 There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. HIGH Nov 8, 2019 n/a
CVE-2005-4891 Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. HIGH Jan 15, 2020 n/a
CVE-2005-10001 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. MEDIUM Mar 29, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online