Total
1222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0739 | 1 Ethereal Group | 1 Ethereal | 2024-11-20 | 5.0 MEDIUM | N/A |
| The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. | |||||
| CVE-2004-2731 | 1 Linux | 1 Linux Kernel | 2024-11-20 | 4.4 MEDIUM | N/A |
| Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function. | |||||
| CVE-2003-1580 | 1 Apache | 1 Http Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
| CVE-2003-1579 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
| CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2024-11-20 | 10.0 HIGH | N/A |
| Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | |||||
| CVE-2003-0372 | 1 Nessus | 1 Nessus | 2024-11-20 | 4.6 MEDIUM | N/A |
| Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | |||||
| CVE-2002-2419 | 1 Dctc Project | 1 Dctc | 2024-11-20 | 7.8 HIGH | N/A |
| Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. | |||||
| CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2024-11-20 | 7.8 HIGH | N/A |
| Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||||
| CVE-2002-2286 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2024-11-20 | 5.0 MEDIUM | N/A |
| The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null dereference. | |||||
| CVE-2002-2245 | 1 Netbsd | 1 Ftpd | 2024-11-20 | 5.0 MEDIUM | N/A |
| ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session. | |||||
| CVE-2002-2235 | 1 Jelsoft | 1 Vbulletin | 2024-11-20 | 5.0 MEDIUM | N/A |
| member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. | |||||
| CVE-2022-4202 | 1 Gpac | 1 Gpac | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3970 | 4 Apple, Debian, Libtiff and 1 more | 7 Ipados, Iphone Os, Macos and 4 more | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. | |||||
| CVE-2019-11837 | 1 F5 | 1 Njs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. | |||||
| CVE-2019-1010294 | 1 Linaro | 1 Op-tee | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. | |||||
| CVE-2014-10375 | 1 Gnu | 1 Exosip | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | |||||
| CVE-2019-5755 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | |||||
| CVE-2019-7308 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-02-28 | 4.7 MEDIUM | 5.6 MEDIUM |
| kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | |||||
| CVE-2016-10490 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned. | |||||
| CVE-2016-10714 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | |||||