Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0599 | 4 Apple, Canonical, Fedoraproject and 1 more | 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | |||||
| CVE-2001-0334 | 1 Microsoft | 1 Internet Information Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | |||||
| CVE-2001-0248 | 2 Hp, Sgi | 2 Hp-ux, Irix | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. | |||||
| CVE-2001-0249 | 3 Hp, Oracle, Sgi | 3 Hp-ux, Solaris, Irix | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | |||||
| CVE-2002-0184 | 2 Debian, Sudo Project | 2 Debian Linux, Sudo | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
| Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. | |||||
| CVE-2004-0434 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. | |||||
| CVE-2002-1347 | 2 Apple, Cyrusimap | 3 Mac Os X, Mac Os X Server, Cyrus Sasl | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | |||||
| CVE-2005-0490 | 1 Haxx | 2 Curl, Libcurl | 2024-02-02 | 5.1 MEDIUM | 8.8 HIGH |
| Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | |||||
| CVE-2004-0940 | 6 Apache, Hp, Openpkg and 3 more | 6 Http Server, Hp-ux, Openpkg and 3 more | 2024-02-02 | 6.9 MEDIUM | 7.8 HIGH |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | |||||
| CVE-2024-23622 | 1 Ibm | 1 Merge Efilm Workstation | 2024-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | |||||
| CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2024-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | |||||
| CVE-2023-4257 | 1 Zephyrproject | 1 Zephyr | 2024-01-12 | N/A | 9.8 CRITICAL |
| Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | |||||
| CVE-2023-45871 | 1 Linux | 1 Linux Kernel | 2024-01-11 | N/A | 7.5 HIGH |
| An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. | |||||
| CVE-2023-5941 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 9.8 CRITICAL |
| In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Â Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. | |||||
| CVE-2023-1175 | 1 Vim | 1 Vim | 2023-11-07 | N/A | 6.6 MEDIUM |
| Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | |||||
| CVE-2022-4378 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2023-11-07 | N/A | 7.8 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | |||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-11-07 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2020-8450 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | |||||