LiveActive security incident?Get immediate response
CVE archive

March 2003

Browse CVE records published in March 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 45 of 145 matching CVEs · Page 3 of 3.

Unknown · CVSS Not scored

CVE-2003-0178: Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial...

Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.

Published Mar 29, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0167: Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 an...

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

Published Mar 29, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0141: The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584,...

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.

Published Mar 29, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0147: OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server'...

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Published Mar 18, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0083: Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences fro...

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

Published Mar 28, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0154: Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execu...

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Published Mar 26, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0131: The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perf...

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Published Mar 21, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0010: Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll...

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.

Published Mar 21, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0028: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data rep...

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Published Mar 21, 2003 · Updated Aug 8, 2024