| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. |
| Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. |
| cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
| Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. |
| modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. |
| Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. |
| The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. |
| The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. |
| The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
| Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. |
