Search Results (1985 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24913 1 Java-merge-sort Project 1 Java-merge-sort 2025-04-08 5.5 Medium
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
CVE-2024-58131 1 Fisco-bcos 1 Fisco-bcos 2025-04-08 4 Medium
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.
CVE-2023-32019 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more 2025-04-08 4.7 Medium
Windows Kernel Information Disclosure Vulnerability
CVE-2023-22412 1 Juniper 46 Junos, Mx10, Mx10000 and 43 more 2025-04-07 7.5 High
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series.
CVE-2022-45438 1 Apache 1 Superset 2025-04-07 5.3 Medium
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2022-46505 1 Matrixssl 1 Matrixssl 2025-04-04 7.5 High
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
CVE-2023-0397 1 Zephyrproject 1 Zephyr 2025-04-03 9.6 Critical
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
CVE-2005-3847 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-03 5.5 Medium
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.
CVE-2002-0055 1 Microsoft 3 Exchange Server, Windows 2000, Windows Xp 2025-04-03 N/A
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
CVE-2000-1198 1 Qualcomm 1 Qpopper 2025-04-03 5.5 Medium
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
CVE-2002-1914 2 Dump Project, Redhat 2 Dump, Enterprise Linux 2025-04-03 5.5 Medium
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.
CVE-2001-0893 1 Acme 1 Mini Httpd 2025-04-03 N/A
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
CVE-2004-0174 2 Apache, Redhat 2 Http Server, Stronghold 2025-04-03 7.5 High
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
CVE-2006-2374 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 5.5 Medium
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
CVE-2004-1489 1 Opera 1 Opera Browser 2025-04-03 N/A
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
CVE-2002-1850 1 Apache 1 Http Server 2025-04-03 7.5 High
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
CVE-2000-0338 1 Concurrent Versions Software Project 1 Concurrent Versions Software 2025-04-03 5.5 Medium
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
CVE-2002-0051 1 Microsoft 1 Windows 2000 2025-04-03 7.8 High
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
CVE-2001-1471 1 Phpbb 1 Phpbb 2025-04-03 8.8 High
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
CVE-2001-0892 1 Acme 1 Thttpd 2025-04-03 N/A
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.