Medium · CVSS 5.4
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
Published Jan 2, 2025 · Updated Jan 6, 2025
Unknown · CVSS Not scored
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
Published Jan 14, 2004 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."
Published Jan 27, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
Published Jan 27, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
Published Jan 23, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
Published Jan 8, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
Published Jan 14, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
Published Jan 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
Published Jan 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
Published Jan 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Published Jan 3, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
Published Jan 10, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
Published Jan 10, 2002 · Updated Aug 8, 2024