Low Severity Vulnerabilities

9.9K CVEs classified as low severity

Severity: Low
Total CVEs: 9.9K
Avg CVSS: 2.4
Max CVSS: 3.6
Min CVSS: 2.1

Low Severity CVEs

CVSS:2.1(Low)

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

CVSS:2.6(Low)

Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.

CVSS:2.1(Low)

Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

CVSS:2.1(Low)

surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.

CVSS:3.6(Low)

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creat...

CVSS:2.1(Low)

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Regist...

CVSS:2.1(Low)

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

CVSS:2.1(Low)

The recover program in Solstice Backup allows local users to restore sensitive files.

CVSS:2.1(Low)

CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.

CVSS:2.6(Low)

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

CVSS:2.1(Low)

FTPPro allows local users to read sensitive information, which is stored in plain text.

CVSS:3.5(Low)

Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerabilit...

CVSS:2.1(Low)

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

CVSS:2.1(Low)

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and a...

CVSS:2.1(Low)

FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number of accesses of an NFS v3 mounted directory from a large number of processes.

CVSS:2.1(Low)

/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.

CVSS:2.1(Low)

Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.

CVSS:2.1(Low)

shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.

CVSS:2.1(Low)

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitiv...

CVSS:3.6(Low)

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virt...