
8524 matches found

Tenable Nessus
added 2004/10/19 12:0 a.m., 23 views

FreeBSD : xerces-c2 -- Attribute blowup denial-of-service (205)

The following package needs to be updated: xerces-c2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg763013021d5911d9814e0001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

AI score 0.2, EPSS 0.06192
Exploits 0, References 15
CVE
added 2004/10/16 4:0 a.m., 69 views

CVE-2004-0938

CVE-2004-0938 affects FreeRADIUS prior to 1.0.1. The issue arises when processing certain RADIUS messages (out-of-sequence/out-of-order handling and specifically an Ascend-Send-Secret attribute without the required leading packet), which can trigger a memory exception and cause a denial of servic...

CVSS 5, AI score 6.2, EPSS 0.03651
Exploits 0, References 7, Affected Software 1
CERT
added 2004/10/12 12:0 a.m., 24 views

Multiple networking devices fail to set the "Secure" attribute of a cookie

Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...

CVSS 2.1, AI score 5.6, EPSS 0.00433
Exploits 0, References 1
Tenable Nessus
added 2004/09/29 12:0 a.m., 25 views

Debian DSA-152-1 : l2tpd - missing random seed

Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied...

CVSS 7.5, AI score 5.4, EPSS 0.01612
Exploits 0, References 3
CVE
added 2004/09/01 4:0 a.m., 41 views

CVE-2002-1493

The CVE-2002-1493 entry describes a cross-site scripting (XSS) vulnerability in the Lycos HTMLGear guestbook. The flaw allows remote attackers to inject arbitrary JavaScript via (1) STYLE attributes or (2) SRC attributes in an IMG tag. The provided sources confirm the vulnerability description bu...

CVSS 4.3, AI score 6.2, EPSS 0.01736
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2004/08/20 12:0 a.m., 7 views

AOL Instant Messenger URL href Attribute Traversal Arbitrary Local File Execution

Binary data 1245.prm...

CVSS 2.6, AI score 7.3, EPSS 0.06865
Exploits 1, References 1
Exploit DB
added 2004/04/08 12:0 a.m., 22 views

KPhone 2.x/3.x/4.0.1 - Malformed STUN Packet Denial of Service

source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths,...

AI score 7.4
Exploits 0
RedHat Linux
added 2004/03/30 5:6 p.m., 6 views

security flaw

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference...

CVSS 7.5, AI score 5.9, EPSS 0.05891
Exploits 0, References 4
Positive Technologies
added 2004/03/25 12:0 a.m., 3 views

PT-2004-1519 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.13 through 0.10.2 Description: The issue allows remote attackers to cause a denial of service crash via a malformed RADIUS packet that triggers a null dereference in the dissect attribute value pairs function...

CVSS 7.5, AI score 7.1, EPSS 0.05891
Exploits 0, References 17
NVD
added 2004/02/17 5:0 a.m., 23 views

CVE-2004-0055

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

CVSS 5, AI score 6.4, EPSS 0.03629
Exploits 1, References 30
OSV
added 2004/02/17 5:0 a.m., 8 views

CVE-2004-0055

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

AI score 6.3
Exploits 0, References 34
OSV
added 2004/02/17 5:0 a.m., 3 views

DEBIAN-CVE-2004-0055

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

CVSS 5, AI score 6.8, EPSS 0.03629
Exploits 1, References 1
RedHat Linux
added 2004/01/15 10:31 a.m., 4 views

security flaw

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

CVSS 5, AI score 5.8, EPSS 0.03629
Exploits 1, References 4
Debian CVE
added 2004/01/15 5:0 a.m., 24 views

CVE-2004-0055

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

CVSS 5, AI score 5.6, EPSS 0.03629
Exploits 1
Cvelist
added 2004/01/15 5:0 a.m., 32 views

CVE-2004-0055

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...

AI score 6.3, EPSS 0.03629
Exploits 1, References 30
OSV
added 2003/12/15 5:0 a.m., 8 views

CVE-2003-0967

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

AI score 6.3
Exploits 0, References 5
NVD
added 2003/12/15 5:0 a.m., 21 views

CVE-2003-0967

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

CVSS 5, AI score 6.2, EPSS 0.04638
Exploits 0, References 5
OSV
added 2003/12/15 5:0 a.m., 2 views

DEBIAN-CVE-2003-0967

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

CVSS 5, AI score 6.8, EPSS 0.04638
Exploits 0, References 1
RedHat Linux
added 2003/12/10 4:59 p.m., 5 views

security flaw

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

CVSS 5, AI score 5.8, EPSS 0.04638
Exploits 0, References 4
securityvulns
added 2003/12/10 12:0 a.m., 46 views

Multiple Vendor SOAP server (XML parser) attribute blowup DoS

Security Advisory...

AI score 0.8
Exploits 0