2003 CVEs
1555 CVEs published in 2003. 8 critical, 11 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2003-1233 | Critical | 9.8 | 2003-12-31 | Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Wi… |
| CVE-2003-0545 | Critical | 9.8 | 2003-11-17 | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client c… |
| CVE-2003-0899 | Critical | 9.8 | 2003-11-03 | Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' charac… |
| CVE-2003-0791 | Critical | 9.8 | 2003-10-07 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to t… |
| CVE-2003-0466 | Critical | 9.8 | 2003-08-27 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in… |
| CVE-2003-0252 | Critical | 9.8 | 2003-08-18 | Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service an… |
| CVE-2003-0356 | Critical | 9.8 | 2003-06-09 | Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via… |
| CVE-2003-0174 | Critical | 9.8 | 2003-05-12 | The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could… |
| CVE-2003-1048 | High | 7.8 | 2004-07-27 | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash)… |
| CVE-2003-0578 | High | 7.8 | 2003-08-18 | cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overw… |
| CVE-2003-1605 | High | 7.5 | 2018-08-23 | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. |
| CVE-2003-1604 | High | 7.5 | 2016-05-02 | The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL p… |
| CVE-2003-1567 | High | 7.5 | 2009-01-15 | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, whi… |
| CVE-2003-1013 | High | 7.5 | 2004-01-05 | The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which trigger… |
| CVE-2003-1000 | High | 7.5 | 2004-01-05 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. |
| CVE-2003-0625 | High | 7.5 | 2003-08-27 | Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection han… |
| CVE-2003-0411 | High | 7.5 | 2003-06-30 | Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension ins… |
| CVE-2003-0063 | High | 7.3 | 2003-03-03 | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it… |
| CVE-2003-0844 | High | 7.1 | 2003-11-17 | mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitr… |
| CVE-2003-1564 | Medium | 6.5 | 2003-12-31 | libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of servi… |