Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2196 | 1 Samba | 1 Samba | 2025-04-03 | 7.5 HIGH | N/A |
|
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
|
|||||
| CVE-2003-1395 | 1 Kazaa | 1 Kazaa Media Desktop | 2025-04-03 | 9.0 HIGH | N/A |
|
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
|
|||||
| CVE-2006-1368 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.
|
|||||
| CVE-2002-0813 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
|
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
|
|||||
| CVE-2006-3463 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 7.8 HIGH | N/A |
|
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
|
|||||
| CVE-2002-2368 | 1 Nec | 1 Socks 5 | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
|
|||||
| CVE-2003-1512 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
|
|||||
| CVE-2006-0855 | 1 Rahul Dhesi | 1 Zoo | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
|
|||||
| CVE-2006-1652 | 1 Ultravnc | 2 Tabbed Viewer, Vnc Viewer | 2025-04-03 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
|
|||||
| CVE-2006-4868 | 1 Microsoft | 5 Internet Explorer, Outlook, Windows 2000 and 2 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
|
|||||
| CVE-2006-0730 | 1 Timo Sirainen | 1 Dovecot | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
|
|||||
| CVE-2006-1857 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 9.0 HIGH | N/A |
|
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
|
|||||
| CVE-2005-4220 | 1 Netgear | 1 Rp114 | 2025-04-03 | 7.8 HIGH | N/A |
|
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.
|
|||||
| CVE-2006-0807 | 1 Njstar | 2 Chinese Word Processor, Japanese Word Processor | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents.
|
|||||
| CVE-2003-1359 | 2 Avaya, Hp | 2 Predictive Dialer System, Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
|
|||||
| CVE-2003-0662 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
|
|||||
| CVE-1999-1588 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
|
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
|
|||||
| CVE-1999-0700 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
|
|||||
| CVE-2006-3199 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.
|
|||||
| CVE-2002-2366 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
|
|||||
| CVE-2005-4840 | 1 Microsoft | 2 Internet Explorer, Outlook Express Book Control | 2025-04-03 | 4.3 MEDIUM | N/A |
|
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
|
|||||
| CVE-2002-2271 | 1 Bigfun | 1 Bigfun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string.
|
|||||
| CVE-2005-0256 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
|
|||||
| CVE-2006-1454 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data.
|
|||||
| CVE-2004-0220 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 10.0 HIGH | N/A |
|
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
|
|||||
| CVE-2006-1189 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."
|
|||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 9.0 HIGH | N/A |
|
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
|
|||||
| CVE-2006-4018 | 1 Clamav | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
|
|||||
| CVE-2001-1539 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
|
|||||
| CVE-2006-0001 | 1 Microsoft | 2 Office, Publisher | 2025-04-03 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
|
|||||
| CVE-2003-1375 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
|
|||||
| CVE-1999-0332 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in NetMeeting allows denial of service and remote command execution.
|
|||||
| CVE-2006-1461 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
|
|||||
| CVE-2006-2382 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
|
|||||
| CVE-1999-0898 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
|
|||||
| CVE-2005-4848 | 1 Rim | 1 Blackberry Enterprise Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.
|
|||||
| CVE-2003-1337 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2006-1550 | 1 Dia | 1 Dia | 2025-04-03 | 7.6 HIGH | N/A |
|
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
|
|||||
| CVE-2003-1473 | 1 Lgames | 1 Ltris | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
|
|||||
| CVE-2003-1339 | 1 Ezmeeting | 1 Ezmeeting | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
|
|||||