Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2935 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-16 N/A
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2026-04-16 N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2006-2275 3 Canonical, Lksctp, Redhat 3 Ubuntu Linux, Stream Control Transmission Protocol, Enterprise Linux 2026-04-16 7.5 High
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
CVE-2005-2492 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2026-04-16 N/A
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
CVE-2005-1260 5 Apple, Bzip, Canonical and 2 more 5 Mac Os X, Bzip2, Ubuntu Linux and 2 more 2026-04-16 N/A
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2004-2154 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2026-04-16 9.8 Critical
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2026-04-16 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2005-0758 3 Canonical, Gnu, Redhat 3 Ubuntu Linux, Gzip, Enterprise Linux 2026-04-16 N/A
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVE-2005-1513 3 Canonical, Debian, Qmail Project 3 Ubuntu Linux, Debian Linux, Qmail 2026-04-16 9.8 Critical
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
CVE-2006-4482 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2026-04-16 N/A
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2004-1063 2 Canonical, Php 2 Ubuntu Linux, Php 2026-04-16 N/A
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2004-1002 2 Canonical, Samba 2 Ubuntu Linux, Ppp 2026-04-16 7.5 High
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
CVE-2006-4095 3 Apple, Canonical, Isc 4 Mac Os X, Mac Os X Server, Ubuntu Linux and 1 more 2026-04-16 7.5 High
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
CVE-2022-39177 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-39176 3 Bluez, Canonical, Debian 3 Bluez, Ubuntu Linux, Debian Linux 2026-04-15 8.8 High
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2018-1000301 5 Canonical, Debian, Haxx and 2 more 15 Ubuntu Linux, Debian Linux, Curl and 12 more 2026-04-15 9.1 Critical
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CVE-2018-16839 4 Canonical, Debian, Haxx and 1 more 4 Ubuntu Linux, Debian Linux, Curl and 1 more 2026-04-15 N/A
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2018-16842 4 Canonical, Debian, Haxx and 1 more 6 Ubuntu Linux, Debian Linux, Curl and 3 more 2026-04-15 N/A
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVE-2018-14618 4 Canonical, Debian, Haxx and 1 more 6 Ubuntu Linux, Debian Linux, Libcurl and 3 more 2026-04-15 N/A
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
CVE-2018-16890 8 Canonical, Debian, F5 and 5 more 11 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 8 more 2026-04-15 7.5 High
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.