Total
13328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1337 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
| CVE-2003-1445 | 1 Rarlab | 1 Far Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname. | |||||
| CVE-2005-0256 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | |||||
| CVE-2005-4267 | 1 Qualcomm | 1 Worldmail | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands. | |||||
| CVE-2006-3353 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties. | |||||
| CVE-2006-0966 | 1 Ncp Network Communications | 1 Secure Client | 2025-04-03 | 2.1 LOW | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. | |||||
| CVE-2003-1496 | 1 Hp | 1 Tru64 | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840. | |||||
| CVE-2005-4268 | 1 Gnu | 1 Cpio | 2025-04-03 | 3.7 LOW | N/A |
| Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. | |||||
| CVE-2006-1148 | 1 Peercast | 1 Peercast | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp. | |||||
| CVE-2005-3627 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.5 HIGH | N/A |
| Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. | |||||
| CVE-2003-1393 | 1 Gupta Technologies | 1 Sqlbase | 2025-04-03 | 8.5 HIGH | N/A |
| Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. | |||||
| CVE-2005-4870 | 1 Ibm | 1 Db2 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
| CVE-2005-2335 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier. | |||||
| CVE-1999-0349 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.5 HIGH | N/A |
| A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | |||||
| CVE-1999-0874 | 1 Microsoft | 3 Internet Information Server, Windows 2000, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | |||||
| CVE-2006-0097 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. | |||||
| CVE-2006-0710 | 1 Isode | 1 M-vault Server | 2025-04-03 | 7.5 HIGH | N/A |
| Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP. | |||||
| CVE-2004-0368 | 3 Ibm, Open Group, Xi Graphics | 3 Aix, Cde Common Desktop Environment, Dextop | 2025-04-03 | 10.0 HIGH | N/A |
| Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. | |||||
| CVE-2006-0301 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. | |||||