CVE Daily
← All tags

Tag: Buffer Overflow

All CVEs associated with "Buffer Overflow". Page 138/160 • 19109 CVEs.

Subscribe CVEs: RSS for “Buffer Overflow”  ·  RSS (High+Critical only)

About “Buffer Overflow”

A curated feed of “Buffer Overflow”-related CVEs appears below. We currently track 19109 CVEs for this tag (all time). In the last 365 days, 2722 were published. Average CVSS is 7.9 (all time; 8.0 over 365d), and 78% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-121 - Stack-based Buffer Overflow, CWE-122 - Heap-based Buffer Overflow.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-04-07
High

CVE-2006-1664

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

CVSS: 7.5 CWE: N/A View on NVD
2006-04-06
Critical

CVE-2006-1652

Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that se…

CVSS: 9.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-1655

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: thi…

CVSS: 6.5 CWE: N/A View on NVD
2006-04-05
Medium

CVE-2006-0051

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote p…

CVSS: 5.1 CWE: N/A View on NVD
2006-04-03
Medium

CVE-2006-1591

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2006-1592

Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.

CVSS: 7.5 CWE: N/A View on NVD
2006-03-30
High

CVE-2006-1550

Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly invo…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-1539

Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by m…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2006-1542

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by ru…

CVSS: 3.7 CWE: N/A View on NVD
Medium

CVE-2006-1510

Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers t…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2006-1511

Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1502

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that ca…

CVSS: 5.1 CWE: N/A View on NVD
2006-03-29
High

CVE-2006-0459

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rul…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-03-28
High

CVE-2006-1402

Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1409

Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2006-0989

Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbi…

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2006-0990

Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute…

CVSS: 9.0 CWE: N/A View on NVD
High

CVE-2006-0991

Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets t…

CVSS: 7.1 CWE: N/A View on NVD
2006-03-25
Medium

CVE-2006-1390

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files…

CVSS: 4.6 CWE: N/A View on NVD
2006-03-24
Medium

CVE-2006-1385

Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a…

CVSS: 5.1 CWE: N/A View on NVD
2006-03-23
Critical

CVE-2006-0323

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary co…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-1366

Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary…

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2006-1368

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2006-1370

Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows re…

CVSS: 9.3 CWE: N/A View on NVD
2006-03-22
Medium

CVE-2006-0038

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buf…

CVSS: 6.9 CWE: CWE-189 View on NVD
Medium

CVE-2006-1356

Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long l…

CVSS: 5.1 CWE: N/A View on NVD
2006-03-21
High

CVE-2006-1337

Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitra…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-1061

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

CVSS: 7.5 CWE: N/A View on NVD
2006-03-20
Medium

CVE-2006-1322

Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

CVSS: 5.0 CWE: N/A View on NVD
2006-03-19
Low

CVE-2006-1286

Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensiti…

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2006-1269

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive…

CVSS: 6.2 CWE: N/A View on NVD
Critical

CVE-2006-1255

Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code vi…

CVSS: 10.0 CWE: N/A View on NVD
2006-03-17
High

CVE-2006-1245

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of scrip…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-15
Medium

CVE-2006-1240

Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2006-1241

Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identifi…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-14
Medium

CVE-2006-0009

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-0031

Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-0396

Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail atta…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2006-1220

Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which le…

CVSS: 4.6 CWE: N/A View on NVD
2006-03-10
High

CVE-2006-1141

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1146

Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long me…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2006-1148

Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1)…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-1150

Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (applic…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2006-1136

Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers…

CVSS: 5.0 CWE: N/A View on NVD
2006-03-09
High

CVE-2006-1124

Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1100

Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2…

CVSS: 8.4 CWE: N/A View on NVD
2006-03-07
Critical

CVE-2006-1038

Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-1043

Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Stud…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-1044

Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vecto…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-1016

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaS…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-06
Medium

CVE-2006-1010

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by se…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2006-0387

Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with craft…

CVSS: 6.4 CWE: N/A View on NVD
2006-03-02
Medium

CVE-2006-0963

Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long argu…

CVSS: 4.6 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2006-0965

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.e…

CVSS: 4.6 CWE: N/A View on NVD
Low

CVE-2006-0966

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe,…

CVSS: 2.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2006-0967

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP da…

CVSS: 2.1 CWE: CWE-399 View on NVD
2006-02-28
High

CVE-2006-0918

Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-27
Critical

CVE-2006-0736

Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecifie…

CVSS: 10.0 CWE: N/A View on NVD
2006-02-24
Medium

CVE-2006-0813

Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive.

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-0300

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended he…

CVSS: 5.1 CWE: N/A View on NVD
2006-02-23
Medium

CVE-2006-0867

Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and pers…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-0720

Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that cause…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2006-0855

Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-0853

Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code vi…

CVSS: 6.5 CWE: N/A View on NVD
2006-02-21
Medium

CVE-2006-0807

Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents.

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-0804

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-19
High

CVE-2006-0797

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2…

CVSS: 7.8 CWE: N/A View on NVD
2006-02-18
Medium

CVE-2006-0761

Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfi…

CVSS: 5.1 CWE: N/A View on NVD
2006-02-17
High

CVE-2006-0460

Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-15
Critical

CVE-2006-0708

Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a Fi…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a di…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-14
Critical

CVE-2006-0006

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2006-0005

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows r…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-0013

Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via craf…

CVSS: 6.5 CWE: N/A View on NVD
2006-02-13
Medium

CVE-2006-0670

Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Pro…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-0671

Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malfo…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2006-0674

Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2006-0597

Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-0598

Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-10
Medium

CVE-2006-0629

Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the…

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2006-0637

Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worl…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-09
Medium

CVE-2006-0619

Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2)…

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-0621

Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.

CVSS: 7.2 CWE: N/A View on NVD
2006-02-06
High

CVE-2006-0564

Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execu…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-04
High

CVE-2006-0550

Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-0537

Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.

CVSS: 7.5 CWE: N/A View on NVD
2006-02-02
Medium

CVE-2006-0528

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that con…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-01
Medium

CVE-2006-0489

Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the ve…

CVSS: 4.6 CWE: N/A View on NVD
2006-01-31
Medium

CVE-2006-0481

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-0476

Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2006-0477

Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-0043

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount request…

CVSS: 4.6 CWE: N/A View on NVD
2006-01-30
High

CVE-2006-0301

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of serv…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-01-27
High

CVE-2006-0447

Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP c…

CVSS: 7.5 CWE: N/A View on NVD
2006-01-26
High

CVE-2006-0441

Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.

CVSS: 7.5 CWE: N/A View on NVD
2006-01-25
Medium

CVE-2006-0224

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long…

CVSS: 4.6 CWE: N/A View on NVD
2006-01-22
High

CVE-2006-0359

Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-01-21
Medium

CVE-2006-0331

Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2006-0337

Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-0339

Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file.

CVSS: 7.5 CWE: N/A View on NVD
2006-01-20
High

CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted…

CVSS: 7.5 CWE: N/A View on NVD
2006-01-19
Critical

CVE-2006-0316

Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary c…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2006-0304

Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field.

CVSS: 7.5 CWE: N/A View on NVD
2006-01-18
Critical

CVE-2006-0272

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on m…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2006-0253

Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long fi…

CVSS: 5.1 CWE: N/A View on NVD
2006-01-13
Medium

CVE-2006-0196

Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2006-0189

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.

CVSS: 7.5 CWE: N/A View on NVD
2006-01-11
High

CVE-2006-0176

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-0177

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu t…

CVSS: 7.2 CWE: N/A View on NVD
2006-01-10
Critical

CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-0162

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX f…

CVSS: 7.5 CWE: N/A View on NVD
2006-01-09
Medium

CVE-2006-0117

Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2006-0128

Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2006-01-06
High

CVE-2006-0097

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2)…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2006-0100

Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes…

CVSS: 4.6 CWE: N/A View on NVD
2006-01-05
Medium

CVE-2006-0089

Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long s…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-04
Low

CVE-2006-0077

Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors.

CVSS: 2.1 CWE: N/A View on NVD
High

CVE-2006-0072

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-200…

CVSS: 7.5 CWE: N/A View on NVD