| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings. |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
| The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. |
| Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
| Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. |
| sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. |
| BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. |
| Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. |
| MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. |
| The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read. |
| modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. |
| Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. |
| The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. |
| Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. |
| Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. |
