Search
153,552 CVEs · Medium severity
CVEs (153,552, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 226–250 of 153,552 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-1999-0388 | MEDIUM | 4.6 | 1999-01-01 | DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. | |
| CVE-1999-0393 | MEDIUM | 5.0 | 1999-01-01 | Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. | |
| CVE-1999-0395 | MEDIUM | 5.1 | 1999-01-01 | A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. | |
| CVE-1999-0398 | MEDIUM | 4.6 | 1999-01-01 | In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. | |
| CVE-1999-0448 | MEDIUM | 5.0 | 1999-01-01 | IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | |
| CVE-1999-0453 | MEDIUM | 5.0 | 1999-01-01 | An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |
| CVE-1999-0520 | MEDIUM | 6.4 | 1999-01-01 | A system-critical NETBIOS/SMB share has inappropriate access control. | |
| CVE-1999-0578 | MEDIUM | 4.6 | 1999-01-01 | A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |
| CVE-1999-0593 | MEDIUM | 4.9 | 1999-01-01 | The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |
| CVE-1999-0650 | MEDIUM | 5.0 | 1999-01-01 | The netstat service is running, which provides sensitive information to remote attackers. | |
| CVE-1999-0656 | MEDIUM | 5.0 | 1999-01-01 | The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | |
| CVE-1999-1440 | MEDIUM | Patched | 5.1 | 1999-01-01 | Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long n… |
| CVE-1999-0402 | MEDIUM | 5.0 | 1999-01-02 | wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. | |
| CVE-1999-1170 | MEDIUM | 4.6 | 1999-01-02 | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |
| CVE-2000-0054 | MEDIUM | 5.0 | 1999-01-03 | search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. | |
| CVE-1999-0392 | MEDIUM | Patched | 5.0 | 1999-01-10 | Buffer overflow in Thomas Boutell's cgic library version up to 1.05. |
| CVE-1999-0063 | MEDIUM | 5.0 | 1999-01-11 | Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. | |
| CVE-1999-1172 | MEDIUM | 5.0 | 1999-01-14 | By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. | |
| CVE-1999-0678 | MEDIUM | 5.0 | 1999-01-17 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. | |
| CVE-1999-1544 | MEDIUM | 5.0 | 1999-01-24 | Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. | |
| CVE-1999-0357 | MEDIUM | 5.0 | 1999-01-25 | Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets. | |
| CVE-1999-0400 | MEDIUM | 4.6 | 1999-01-26 | Denial of service in Linux 2.2.0 running the ldd command on a core file. | |
| CVE-1999-0348 | MEDIUM | 5.0 | 1999-01-27 | IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | |
| CVE-1999-1546 | MEDIUM | 5.0 | 1999-01-29 | netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. | |
| CVE-1999-0351 | MEDIUM | 6.4 | 1999-02-01 | FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. |