Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-1999-0150 | The Perl fingerd program allows arbitrary command execution from remote users. | 1999-09-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-1999-0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | 1999-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-1999-0475 | A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. | 1999-09-02T00:00:00.000Z | 2025-10-01T23:10:48.000Z |
| msrc_cve-1999-0612 | A version of finger is running that exposes valid user information to any entity on the network. | 1999-09-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-1999-0428 | OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. | 2000-01-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-1999-0817 | Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | 2000-01-02T00:00:00.000Z | 2026-02-18T01:04:13.000Z |
| msrc_cve-1999-0901 | ypserv allows a local user to modify the GECOS and login shells of other users. | 2000-01-02T00:00:00.000Z | 2025-10-01T23:10:48.000Z |
| msrc_cve-1999-0902 | ypserv allows local administrators to modify password tables. | 2000-01-02T00:00:00.000Z | 2025-10-01T23:10:48.000Z |
| msrc_cve-1999-0965 | Race condition in xterm allows local users to modify arbitrary files via the logging option. | 2000-01-02T00:00:00.000Z | 2025-10-01T23:10:48.000Z |
| msrc_cve-1999-0163 | In older versions of Sendmail, an attacker could use a pipe character to execute root commands. | 2000-02-02T00:00:00.000Z | 2025-10-01T23:10:47.000Z |
| msrc_cve-1999-0524 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | 2000-02-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-1999-0656 | The ugidd RPC interface by design allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | 2000-02-02T00:00:00.000Z | 2026-02-19T01:07:19.000Z |
| msrc_cve-1999-0145 | Sendmail WIZ command enabled, allowing root access. | 2000-10-02T00:00:00.000Z | 2025-10-01T23:10:10.000Z |
| msrc_cve-2000-0803 | GNU Groff uses the current working directory to find a device description file which allows a local user to gain additional privileges by including a malicious postpro directive in the description file which is executed when another user runs groff. | 2001-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-1999-1412 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs which generates a large number of processes. | 2001-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-1999-1090 | The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. | 2002-03-02T00:00:00.000Z | 2025-10-01T23:10:49.000Z |
| msrc_cve-2000-0006 | strace allows local users to read arbitrary files via memory mapped file names. | 2002-03-02T00:00:00.000Z | 2026-01-04T14:35:13.000Z |
| msrc_cve-2002-0129 | efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | 2002-03-02T00:00:00.000Z | 2025-10-01T23:10:49.000Z |
| msrc_cve-2002-0130 | Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument. | 2002-03-02T00:00:00.000Z | 2025-10-01T23:10:49.000Z |
| msrc_cve-2002-0318 | FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets. | 2003-04-02T00:00:00.000Z | 2025-10-01T23:10:50.000Z |
| msrc_cve-2005-0469 | Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. | 2005-03-02T00:00:00.000Z | 2025-10-01T23:10:50.000Z |
| msrc_cve-2005-0868 | AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. | 2005-03-02T00:00:00.000Z | 2025-10-01T23:10:50.000Z |
| msrc_cve-2005-2069 | pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | 2005-06-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2006-5201 | Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | 2006-10-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2007-0086 | The Apache HTTP Server when accessed through a TCP connection with a large window size allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties who state that the large window size required by the attack is not normally supported or configured by the server or that a DDoS-style attack would accomplish the same goal | 2007-01-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2007-1397 | Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | 2007-03-02T00:00:00.000Z | 2025-10-01T23:10:50.000Z |
| msrc_cve-2007-2650 | The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop as demonstrated via a crafted DOC file. | 2007-05-02T00:00:00.000Z | 2020-10-25T00:00:00.000Z |
| msrc_cve-2007-2768 | OpenSSH when using OPIE (One-Time Passwords in Everything) for PAM allows remote attackers to determine the existence of certain user accounts which displays a different response if the user account exists and is configured to use one-time passwords (OTP) a similar issue to CVE-2007-2243. | 2007-05-02T00:00:00.000Z | 2026-02-18T01:21:20.000Z |
| msrc_cve-2007-3205 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. | 2007-06-02T00:00:00.000Z | 2025-10-01T23:10:50.000Z |
| msrc_cve-2007-4559 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive a related issue to CVE-2001-1267. | 2007-08-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |