Total
260779 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15811 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-02 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. | |||||
CVE-2016-10003 | 1 Squid-cache | 1 Squid | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | |||||
CVE-2007-3268 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | |||||
CVE-2007-2723 | 1 Media Player Classic | 1 Media Player Classic | 2024-02-02 | 7.1 HIGH | 5.5 MEDIUM |
Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. | |||||
CVE-2007-2237 | 1 Microsoft | 1 Windows Xp | 2024-02-02 | 7.1 HIGH | 5.5 MEDIUM |
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. | |||||
CVE-2003-0252 | 1 Nfs | 1 Nfs-utils | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | |||||
CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2024-02-02 | 2.1 LOW | 5.5 MEDIUM |
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | |||||
CVE-2002-0653 | 1 Mod Ssl | 1 Mod Ssl | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | |||||
CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
CVE-1999-1568 | 1 Ncftpd | 1 Ncftpd Ftp Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | |||||
CVE-2004-0346 | 1 Proftpd Project | 1 Proftpd | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | |||||
CVE-2007-4988 | 1 Imagemagick | 1 Imagemagick | 2024-02-02 | 6.8 MEDIUM | 7.8 HIGH |
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | |||||
CVE-2023-6864 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-02 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
CVE-2023-6862 | 2 Debian, Mozilla | 3 Debian Linux, Firefox Esr, Thunderbird | 2024-02-02 | N/A | 8.8 HIGH |
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. | |||||
CVE-2023-6861 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-02 | N/A | 8.8 HIGH |
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
CVE-2010-4577 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | |||||
CVE-2010-0258 | 1 Microsoft | 6 Excel, Office, Office Compatibility Pack and 3 more | 2024-02-02 | 9.3 HIGH | 7.8 HIGH |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | |||||
CVE-2022-2639 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-02 | N/A | 7.8 HIGH |
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2007-4268 | 1 Apple | 1 Mac Os X | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. |