Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0874 1 Microsoft 3 Internet Information Server, Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
CVE-2003-0227 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
CVE-2001-1391 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 5.5 Medium
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
CVE-2002-2295 1 Pico Server 1 Pico Server 2026-04-16 N/A
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.
CVE-2005-0504 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
CVE-2006-0771 1 Even Balance 1 Punkbuster 2026-04-16 N/A
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.
CVE-2005-0351 1 Sco 1 Openserver 2026-04-16 N/A
Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable.
CVE-2003-1477 2 Clearswift, Microsoft 2 Mailsweeper For Smtp, All Windows 2026-04-16 N/A
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
CVE-2005-1141 1 Optical Character Recognition Project 1 Optical Character Recognition 2026-04-16 9.8 Critical
Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.
CVE-2003-1354 1 Gamespy3d 1 Gamespy 3d 2026-04-16 N/A
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
CVE-2004-0455 2 Debian, Www-sql Project 2 Debian Linux, Www-sql 2026-04-16 N/A
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
CVE-2006-2788 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
CVE-2004-0342 1 Wftpd Pro Server Project 1 Wftpd Pro Server 2026-04-16 5.5 Medium
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-1999-1568 1 Ncftp 1 Ncftpd Server 2026-04-16 7.5 High
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
CVE-2003-1497 1 Linksys 1 Befsx41 2026-04-16 N/A
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
CVE-2003-1496 1 Hp 1 Tru64 2026-04-16 N/A
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
CVE-2003-1491 1 Kerio 1 Personal Firewall 2026-04-16 N/A
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
CVE-2003-1473 1 Lgames 1 Ltris 2026-04-16 N/A
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
CVE-2006-0097 1 Php 1 Php 2026-04-16 N/A
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.