| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. |
| Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. |
| Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. |
| The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. |
| /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
| VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. |
| Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. |
| traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. |
| Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections." |
| Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable. |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. |
| Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options. |
| Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths. |
| Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. |
| Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI. |
| Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. |
| Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code. |
| Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. |
| The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. |
