Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0840 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. | |||||
| CVE-2009-1177 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors. | |||||
| CVE-2009-1176 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2021-06-07 | 10.0 HIGH | N/A |
| mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action. | |||||
| CVE-2009-3560 | 2 James Clark, Xmltwig | 2 Expat, Xml-twig For Perl | 2021-06-06 | 5.0 MEDIUM | N/A |
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | |||||
| CVE-2018-1301 | 5 Apache, Canonical, Debian and 2 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2021-06-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. | |||||
| CVE-2014-3583 | 3 Apache, Apple, Canonical | 4 Http Server, Mac Os X, Os X Server and 1 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. | |||||
| CVE-2003-0542 | 1 Apache | 1 Http Server | 2021-06-06 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. | |||||
| CVE-2017-7679 | 1 Apache | 1 Http Server | 2021-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. | |||||
| CVE-2004-0940 | 6 Apache, Hp, Openpkg and 3 more | 6 Http Server, Hp-ux, Openpkg and 3 more | 2021-06-06 | 6.9 MEDIUM | N/A |
| Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | |||||
| CVE-2015-8026 | 1 Exfat Project | 1 Exfat | 2021-06-03 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. | |||||
| CVE-2018-6789 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2021-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | |||||
| CVE-2021-21225 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21220 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-3657 | 2 Intel, Siemens | 23 Converged Security Management Engine Firmware, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 20 more | 2021-05-26 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | |||||
| CVE-2010-1797 | 1 Apple | 1 Iphone Os | 2021-05-22 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2020-20220 | 1 Mikrotik | 1 Routeros | 2021-05-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2017-1304 | 1 Ibm | 1 Elastic Storage Server | 2021-05-21 | 4.6 MEDIUM | 6.2 MEDIUM |
| IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458. | |||||
| CVE-2020-20267 | 1 Mikrotik | 1 Routeros | 2021-05-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. | |||||
| CVE-2021-31472 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2021-05-19 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13011. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2021-05-17 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||