LiveActive security incident?Get immediate response
CVE archive

August 2003

Browse CVE records published in August 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 100 matching CVEs · Page 1 of 2.

Unknown · CVSS Not scored

CVE-2003-1562: sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive au...

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

Published Aug 4, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1563: Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local u...

Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.

Published Aug 18, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1227: PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or...

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1229: X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE...

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Published Aug 17, 2005 · Updated Aug 8, 2024