Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-06 | CVE-2006-4095 | Reachable Assertion vulnerability in multiple products BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | 7.5 |
| 2006-08-29 | CVE-2006-4434 | Use After Free vulnerability in Sendmail Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. | 7.5 |
| 2006-06-15 | CVE-2006-2916 | Improper Check for Dropped Privileges vulnerability in KDE Arts 1.0/1.2 artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | 7.8 |
| 2006-05-20 | CVE-2006-2492 | Classic Buffer Overflow vulnerability in Microsoft Office and Works Suite Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | 8.8 |
| 2006-05-09 | CVE-2006-2275 | Improper Locking vulnerability in multiple products Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." | 7.5 |
| 2006-03-30 | CVE-2006-1547 | Unspecified vulnerability in Apache Commons Beanutils and Struts ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | 7.5 |
| 2006-03-23 | CVE-2006-1364 | Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1 Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path. | 7.5 |
| 2005-12-31 | CVE-2005-4868 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
| 2005-12-31 | CVE-2005-4860 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System 6.406.08 Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password. | 7.8 |
| 2005-11-24 | CVE-2005-3803 | Use of Hard-coded Credentials vulnerability in Cisco Unified Wireless IP Phone 7920 Firmware 1.0(8) Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | 7.5 |