| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467. |
| The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. |
| Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. |
| Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. |
| Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. |
| A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 89771b201c66d15d29e4cc016d8aae82b6a5fbe1. It is advisable to implement a patch to correct this issue. |
| The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. |
| A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue. |
| A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue. |
| Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. |
| Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. |
| Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. |
| member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. |
| TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". |
| Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. |
| Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. |
| Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. |
| Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function. |
| Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. |
| Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. |