2003 CVEs

1555 CVEs published in 2003. 8 critical, 11 high.

Top CVEs published in 2003
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2003-1233 | Critical | 9.8 | 2003-12-31 | Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Wi… |
| CVE-2003-0545 | Critical | 9.8 | 2003-11-17 | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client c… |
| CVE-2003-0899 | Critical | 9.8 | 2003-11-03 | Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' charac… |
| CVE-2003-0791 | Critical | 9.8 | 2003-10-07 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to t… |
| CVE-2003-0466 | Critical | 9.8 | 2003-08-27 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in… |
| CVE-2003-0252 | Critical | 9.8 | 2003-08-18 | Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service an… |
| CVE-2003-0356 | Critical | 9.8 | 2003-06-09 | Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via… |
| CVE-2003-0174 | Critical | 9.8 | 2003-05-12 | The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could… |
| CVE-2003-1048 | High | 7.8 | 2004-07-27 | Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash)… |
| CVE-2003-0578 | High | 7.8 | 2003-08-18 | cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overw… |
| CVE-2003-1605 | High | 7.5 | 2018-08-23 | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. |
| CVE-2003-1604 | High | 7.5 | 2016-05-02 | The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL p… |
| CVE-2003-1567 | High | 7.5 | 2009-01-15 | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, whi… |
| CVE-2003-1013 | High | 7.5 | 2004-01-05 | The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which trigger… |
| CVE-2003-1000 | High | 7.5 | 2004-01-05 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. |
| CVE-2003-0625 | High | 7.5 | 2003-08-27 | Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection han… |
| CVE-2003-0411 | High | 7.5 | 2003-06-30 | Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension ins… |
| CVE-2003-0063 | High | 7.3 | 2003-03-03 | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it… |
| CVE-2003-0844 | High | 7.1 | 2003-11-17 | mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitr… |
| CVE-2003-1564 | Medium | 6.5 | 2003-12-31 | libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of servi… |