Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0625 | 1 Hadrons | 1 Xfstt | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | |||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | |||||
| CVE-2002-1745 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | |||||
| CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
| CVE-2003-0356 | 1 Ethereal | 1 Ethereal | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. | |||||
| CVE-2003-0466 | 7 Apple, Freebsd, Netbsd and 4 more | 8 Mac Os X, Mac Os X Server, Freebsd and 5 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | |||||
| CVE-2002-1816 | 1 Redshift | 1 Atphttpd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-0346 | 1 Proftpd | 1 Proftpd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | |||||
| CVE-2002-0844 | 1 Distrotech | 1 Cvs | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
| CVE-2004-0005 | 1 Gaim Project | 1 Gaim | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. | |||||
| CVE-1999-1568 | 1 Ncftp | 1 Ncftpd Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | |||||
| CVE-2002-0653 | 1 Modssl | 1 Mod Ssl | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | |||||
| CVE-2001-1496 | 1 Acme | 1 Thttpd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | |||||
| CVE-2003-0252 | 1 Linux-nfs | 1 Nfs-utils | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | |||||
| CVE-2004-0342 | 1 Wftpd Pro Server Project | 1 Wftpd Pro Server | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | |||||