Total
1251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1579 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2010-02-08 | 4.3 MEDIUM | N/A |
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
CVE-2003-1580 | 1 Apache | 1 Http Server | 2010-02-07 | 4.3 MEDIUM | N/A |
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
CVE-2009-4016 | 3 Ircd-hybrid, Ircd-ratbox, Oftc | 3 Ircd-hybrid, Ircd-ratbox, Oftc-hybrid | 2010-02-04 | 6.8 MEDIUM | N/A |
Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command. | |||||
CVE-2007-2281 | 1 Hp | 1 Openview Storage Data Protector | 2009-12-22 | 10.0 HIGH | N/A |
Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter. | |||||
CVE-2009-2415 | 1 Memcachedb | 1 Memcached | 2009-12-18 | 10.0 HIGH | N/A |
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. | |||||
CVE-2009-3930 | 1 Christos Zoulas | 1 File | 2009-11-23 | 9.3 HIGH | N/A |
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow. | |||||
CVE-2009-2838 | 1 Apple | 1 Mac Os X | 2009-11-16 | 6.8 MEDIUM | N/A |
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow. | |||||
CVE-2009-2826 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||||
CVE-2009-3296 | 1 Gallium.inria | 1 Camimages | 2009-10-20 | 7.5 HIGH | N/A |
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows. | |||||
CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-19 | 7.8 HIGH | N/A |
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | |||||
CVE-2009-2468 | 1 Mozilla | 1 Firefox | 2009-09-15 | 10.0 HIGH | N/A |
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. | |||||
CVE-2009-2478 | 1 Mozilla | 1 Firefox | 2009-08-06 | 5.0 MEDIUM | N/A |
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | |||||
CVE-2009-0690 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000\/jbig2 Decoder Add-on | 2009-06-23 | 9.3 HIGH | N/A |
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | |||||
CVE-2009-1705 | 1 Apple | 1 Safari | 2009-06-12 | 9.3 HIGH | N/A |
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | |||||
CVE-2009-1755 | 1 Nlnetlabs | 1 Nsd | 2009-05-28 | 5.0 MEDIUM | N/A |
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow. | |||||
CVE-2009-1442 | 1 Google | 1 Chrome | 2009-05-18 | 6.8 MEDIUM | N/A |
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | |||||
CVE-2008-5396 | 1 Asterisk | 1 Zaptel | 2009-05-13 | 7.2 HIGH | N/A |
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl. | |||||
CVE-2009-1301 | 1 Mpg123 | 1 Mpg123 | 2009-04-28 | 10.0 HIGH | N/A |
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-1865 | 1 Redhat | 1 Enterprise Linux | 2008-11-12 | 1.9 LOW | N/A |
** DISPUTED ** The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer." | |||||
CVE-2003-1564 | 1 Xmlsoft | 1 Libxml2 | 2008-10-23 | 9.3 HIGH | N/A |
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." |