Total
1232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2754 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
|
|||||
| CVE-2002-2235 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
|
|||||
| CVE-2006-1458 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
|
|||||
| CVE-2006-1552 | 1 Apple | 4 Imageio, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
|
|||||
| CVE-2002-2245 | 1 Netbsd | 1 Ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
|
|||||
| CVE-2005-1852 | 4 Centericq, Ekg, Kadu and 1 more | 4 Centericq, Ekg, Kadu and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
|
|||||
| CVE-2002-2286 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null dereference.
|
|||||
| CVE-2006-3082 | 1 Gnupg | 1 Gnupg | 2025-04-03 | 5.0 MEDIUM | N/A |
|
parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.
|
|||||
| CVE-2006-1467 | 1 Apple | 1 Itunes | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
|
|||||
| CVE-2003-0372 | 1 Nessus | 1 Nessus | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.
|
|||||
| CVE-2006-1737 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 9.3 HIGH | N/A |
|
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
|
|||||
| CVE-2006-3486 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
|
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or th ...
Show More |
|||||
| CVE-2006-1861 | 1 Freetype | 1 Freetype | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
|
|||||
| CVE-2005-4837 | 2 Net-snmp, Sourceforge | 2 Net-snmp, Net-snmp | 2025-04-03 | 10.0 HIGH | N/A |
|
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
|
|||||
| CVE-2006-3630 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.
|
|||||
| CVE-2005-3710 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
|
|||||
| CVE-2006-1249 | 1 Apple | 2 Itunes, Quicktime | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
|
|||||
| CVE-2006-3467 | 1 Freetype | 1 Freetype | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
|
|||||
| CVE-2005-0739 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
|
|||||
| CVE-2004-2731 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.4 MEDIUM | N/A |
|
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.
|
|||||
| CVE-2006-2376 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Me | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
|
|||||
| CVE-2022-4202 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this ...
Show More |
|||||
| CVE-2022-3970 | 4 Apple, Debian, Libtiff and 1 more | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
|
|||||
| CVE-2020-6111 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 B Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
|
|||||
| CVE-2019-7308 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
|
|||||
| CVE-2019-5755 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
|
|||||
| CVE-2019-11837 | 1 F5 | 1 Njs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
|
|||||
| CVE-2019-1010294 | 1 Linaro | 1 Op-tee | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
|
|||||
| CVE-2016-10714 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
|
|||||
| CVE-2016-10490 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an ...
Show More |
|||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
|
|||||
| CVE-2007-4721 | 2023-11-07 | N/A | N/A | ||
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113. Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
|
|||||