Critical
CVE-2000-0509
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
Tag: Buffer Overflow
All CVEs associated with "Buffer Overflow". Page 157/160 • 19109 CVEs.
Subscribe CVEs: RSS for “Buffer Overflow” · RSS (High+Critical only)
About “Buffer Overflow”
A curated feed of “Buffer Overflow”-related CVEs appears below. We currently track 19109 CVEs for this tag (all time). In the last 365 days, 2728 were published. Average CVSS is 7.9 (all time; 8.0 over 365d), and 78% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-121 - Stack-based Buffer Overflow, CWE-122 - Heap-based Buffer Overflow.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2000-06-01
2000-05-30
Medium
CVE-2000-0486
Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.
Critical
CVE-2000-0488
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.
2000-05-29
High
CVE-2000-0454
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
Low
CVE-2000-0455
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
2000-05-27
High
CVE-2000-0460
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
2000-05-24
Critical
CVE-2000-0398
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
Medium
CVE-2000-0399
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
High
CVE-2000-0446
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.
Critical
CVE-2000-0491
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
2000-05-22
High
CVE-2000-0438
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
2000-05-18
Critical
CVE-2000-0437
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
Medium
CVE-2000-0452
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.
2000-05-17
High
CVE-2000-0464
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerab…
2000-05-16
Critical
CVE-2000-0389
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
Critical
CVE-2000-0390
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
Critical
CVE-2000-0391
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
High
CVE-2000-0392
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
Medium
CVE-2000-0395
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.
Critical
CVE-2000-0405
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.
2000-05-12
High
CVE-2000-0407
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
Medium
CVE-2000-0415
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
2000-05-05
Medium
CVE-2000-0423
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
2000-05-04
High
CVE-2000-0422
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
Critical
CVE-2000-0428
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.
2000-05-03
Critical
CVE-2000-0425
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
2000-05-02
Critical
CVE-2000-0343
Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
2000-05-01
High
CVE-2000-0401
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string.
High
CVE-2000-0447
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
2000-04-29
High
CVE-2000-0340
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
2000-04-24
High
CVE-2000-0316
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
High
CVE-2000-0317
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
Medium
CVE-2000-0321
Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
High
CVE-2000-0337
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
2000-04-21
Critical
CVE-2000-0295
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
2000-04-20
Medium
CVE-2000-0331
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environme…
2000-04-19
High
CVE-2000-0256
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Sid…
High
CVE-2000-0257
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
2000-04-16
High
CVE-2000-0284
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
High
CVE-2000-0285
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
Medium
CVE-2000-0291
Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document.
2000-04-14
High
CVE-2000-0260
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
2000-04-10
High
CVE-2000-0294
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
2000-04-04
Medium
CVE-2000-0299
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
2000-04-03
Low
CVE-2000-0280
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
2000-03-31
Medium
CVE-2000-0290
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
2000-03-27
High
CVE-2000-0235
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
2000-03-26
Low
CVE-2000-0281
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
2000-03-20
Medium
CVE-2000-0226
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
2000-03-17
Medium
CVE-2000-0238
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
2000-03-15
Medium
CVE-2000-0198
Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
Medium
CVE-2000-0239
Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
2000-03-13
High
CVE-2000-0230
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
2000-03-10
Medium
CVE-2000-0183
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
High
CVE-2000-0223
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
2000-03-09
Critical
CVE-2000-0175
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
2000-03-06
Medium
CVE-2000-0200
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" v…
2000-03-02
High
CVE-1999-0693
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
2000-02-28
High
CVE-2000-0186
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
High
CVE-2000-0196
Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.
2000-02-27
High
CVE-2000-0209
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
2000-02-26
High
CVE-2000-0170
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
2000-02-21
Critical
CVE-2000-0166
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
2000-02-16
High
CVE-2000-0158
Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.
2000-02-06
Low
CVE-2000-0472
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
2000-02-04
Low
CVE-2000-0129
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
2000-02-03
High
CVE-2000-0218
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
2000-02-01
Medium
CVE-2000-0131
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
Critical
CVE-2000-0133
Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.
2000-01-27
High
CVE-2000-0130
Buffer overflow in SCO scohelp program allows remote attackers to execute commands.
High
CVE-2000-1216
Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.
2000-01-26
High
CVE-2000-0096
Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.
2000-01-21
Critical
CVE-2000-0091
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
2000-01-20
High
CVE-2000-0088
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
2000-01-18
High
CVE-2000-0099
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
2000-01-17
Critical
CVE-2000-0065
Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
2000-01-10
High
CVE-2000-0046
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
2000-01-06
High
CVE-2000-0055
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
2000-01-04
High
CVE-1999-0744
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
Critical
CVE-1999-0876
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
High
CVE-2000-0049
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
2000-01-01
High
CVE-1999-0964
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
1999-12-31
High
CVE-1999-0808
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
Medium
CVE-1999-1093
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web pag…
High
CVE-1999-1094
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
Medium
CVE-1999-1290
Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.
High
CVE-1999-1327
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
High
CVE-1999-1329
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
Medium
CVE-1999-1330
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
High
CVE-1999-1334
Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f (filterfile) command…
Critical
CVE-1999-1588
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka Sys…
High
CVE-2000-0011
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
1999-12-30
Critical
CVE-2000-0003
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
High
CVE-2000-0043
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
1999-12-29
Critical
CVE-2000-0042
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
1999-12-27
Critical
CVE-2000-0012
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
Medium
CVE-2000-0060
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
1999-12-24
Medium
CVE-1999-0892
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
1999-12-22
Critical
CVE-2000-0002
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.
1999-12-21
Critical
CVE-2000-0017
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
Medium
CVE-2000-0023
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.
Critical
CVE-2000-0026
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
1999-12-16
Medium
CVE-1999-1004
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
1999-12-15
High
CVE-1999-0996
Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.
1999-12-13
High
CVE-1999-1007
Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.
1999-12-10
Critical
CVE-1999-0977
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
1999-12-09
High
CVE-1999-0972
Buffer overflow in Xshipwars xsw program.
Critical
CVE-1999-0974
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
1999-12-07
Critical
CVE-1999-0973
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
1999-12-06
High
CVE-1999-0989
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
Medium
CVE-1999-0991
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
1999-12-03
Medium
CVE-1999-0865
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
High
CVE-1999-0866
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
1999-12-01
Medium
CVE-1999-0823
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
Medium
CVE-1999-0826
Buffer overflow in FreeBSD angband allows local users to gain privileges.
Critical
CVE-1999-0834
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
Medium
CVE-1999-0838
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
Critical
CVE-1999-0853
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
High
CVE-1999-0855
Buffer overflow in FreeBSD gdc program.
1999-11-30
Critical
CVE-1999-0822
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.