Total
11642 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4872 | 1 Pcre | 1 Pcre | 2024-11-21 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||
| CVE-2005-4870 | 1 Ibm | 1 Db2 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
| CVE-2005-4867 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. | |||||
| CVE-2005-4866 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. | |||||
| CVE-2005-4865 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. | |||||
| CVE-2005-4864 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | |||||
| CVE-2005-4863 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | |||||
| CVE-2005-4848 | 1 Rim | 1 Blackberry Enterprise Server | 2024-11-21 | 7.5 HIGH | N/A |
| Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets. | |||||
| CVE-2005-4840 | 1 Microsoft | 2 Internet Explorer, Outlook Express Book Control | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | |||||
| CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2024-11-21 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | |||||
| CVE-2005-4667 | 1 Info-zip | 1 Unzip | 2024-11-21 | 3.7 LOW | N/A |
| Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | |||||
| CVE-2005-4459 | 1 Vmware | 4 Ace, Gsx Server, Player and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands. | |||||
| CVE-2005-4444 | 1 David Harris | 1 Pegasus Mail | 2024-11-21 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | |||||
| CVE-2005-4268 | 1 Gnu | 1 Cpio | 2024-11-21 | 3.7 LOW | N/A |
| Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. | |||||
| CVE-2005-4267 | 1 Qualcomm | 1 Worldmail | 2024-11-21 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands. | |||||
| CVE-2005-4220 | 1 Netgear | 1 Rp114 | 2024-11-21 | 7.8 HIGH | N/A |
| Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap. | |||||
| CVE-2005-4092 | 1 Apple | 2 Itunes, Quicktime | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. | |||||
| CVE-2005-4048 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. | |||||
| CVE-2005-3863 | 1 Ktools | 1 Ktools | 2024-11-21 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro. | |||||
| CVE-2005-3832 | 1 Speedproject | 2 Speedcommander, Squeez | 2024-11-21 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | |||||