Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1496 | 1 Hp | 1 Tru64 | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
|
|||||
| CVE-2002-2226 | 1 Tftpd32 | 1 Tftpd32 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
|
|||||
| CVE-2002-2390 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
|
|||||
| CVE-2003-1461 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
|
|||||
| CVE-2003-0218 | 1 Monkey-project | 1 Monkey | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
|
|||||
| CVE-2003-1354 | 1 Gamespy3d | 1 Gamespy 3d | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
|
|||||
| CVE-2002-2295 | 1 Pico Server | 1 Pico Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.
|
|||||
| CVE-2005-4873 | 1 Cups | 1 Cups | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.
|
|||||
| CVE-2006-0966 | 1 Ncp Network Communications | 1 Secure Client | 2025-04-03 | 2.1 LOW | N/A |
|
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow.
|
|||||
| CVE-2006-2180 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.
|
|||||
| CVE-2006-2781 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
|
|||||
| CVE-2005-3483 | 2 Graphon, Microsoft | 2 Go-global, Windows | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.
|
|||||
| CVE-2006-3961 | 1 Mcafee | 9 Antispyware, Internet Security Suite, Personal Firewall Plus and 6 more | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
|
|||||
| CVE-2005-3760 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.8 HIGH | N/A |
|
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).
|
|||||
| CVE-2006-4565 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
|
|||||
| CVE-2004-2727 | 1 Mailenable | 1 Mailenable | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.
|
|||||
| CVE-2002-1174 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
|
|||||
| CVE-2006-0323 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
|
|||||
| CVE-2002-2411 | 1 Bannerwheel | 1 Bannerwheel | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
|
|||||
| CVE-2005-0211 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
|
|||||
| CVE-2003-0095 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
|
|||||
| CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2025-04-03 | 7.8 HIGH | N/A |
|
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.
|
|||||
| CVE-2005-0247 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement ...
Show More |
|||||
| CVE-2006-3117 | 2 Openoffice, Sun | 2 Openoffice, Staroffice | 2025-04-03 | 7.6 HIGH | N/A |
|
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
|
|||||
| CVE-2003-1497 | 1 Linksys | 1 Befsx41 | 2025-04-03 | 6.3 MEDIUM | N/A |
|
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
|
|||||
| CVE-2002-2259 | 2 Gnuplot, Suse | 2 Gnuplot, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.
|
|||||
| CVE-2002-2257 | 1 Tuxbr | 1 Libcgi | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.
|
|||||
| CVE-2003-1369 | 1 Save It Software Pty | 1 Bytecatcherftp | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
|
|||||
| CVE-2006-0007 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
|
|||||
| CVE-2003-1558 | 1 Fefe | 1 Fnord | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
|
|||||
| CVE-2006-2923 | 1 Loudhush | 1 Loudhush | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, lea ...
Show More |
|||||
| CVE-2006-1982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
|
|||||
| CVE-2003-0373 | 1 Nessus | 1 Nessus | 2025-04-03 | 4.4 MEDIUM | N/A |
|
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function.
|
|||||
| CVE-2003-1455 | 1 Poptop | 1 Pptp Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.
|
|||||
| CVE-2005-3863 | 1 Ktools | 1 Ktools | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
|
|||||
| CVE-2003-1360 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
|
|||||
| CVE-2006-3353 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
|
|||||
| CVE-2006-0056 | 1 Pam-mysql | 1 Pam-mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and ...
Show More |
|||||
| CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
|
|||||
| CVE-2006-2656 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
|
|||||