Export limit exceeded: 21107 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21107 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1583 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. | ||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2026-04-16 | 9.8 Critical |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||||
| CVE-2004-0574 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Nt and 1 more | 2026-04-16 | N/A |
| The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | ||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2026-04-16 | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | ||||
| CVE-2004-1287 | 2 Nasm, Redhat | 2 Netwide Assembler, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194. | ||||
| CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | ||||
| CVE-2006-3897 | 1 Microsoft | 2 Internet Explorer, Windows 2000 | 2026-04-16 | N/A |
| Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | ||||
| CVE-2005-2368 | 2 Redhat, Vim Development Group | 2 Enterprise Linux, Vim | 2026-04-16 | N/A |
| vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | ||||
| CVE-2003-1396 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | ||||
| CVE-2005-0560 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | ||||
| CVE-2003-0870 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | ||||
| CVE-2004-1189 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2026-04-16 | N/A |
| The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | ||||
| CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2026-04-16 | N/A |
| phf CGI program allows remote command execution through shell metacharacters. | ||||
| CVE-2003-0041 | 3 Mandrakesoft, Mit, Redhat | 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more | 2026-04-16 | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | ||||
| CVE-2026-5444 | 2 Orthanc, Orthanc-server | 2 Dicom Server, Orthanc | 2026-04-15 | 7.1 High |
| A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing. | ||||
| CVE-2026-5442 | 2 Orthanc, Orthanc-server | 2 Dicom Server, Orthanc | 2026-04-15 | 9.8 Critical |
| A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding. | ||||
| CVE-2019-8922 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2026-04-15 | 8.8 High |
| A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | ||||
| CVE-2019-5482 | 7 Debian, Fedoraproject, Haxx and 4 more | 24 Debian Linux, Fedora, Curl and 21 more | 2026-04-15 | 9.8 Critical |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | ||||
| CVE-2019-5436 | 8 Debian, F5, Fedoraproject and 5 more | 15 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 12 more | 2026-04-15 | 7.8 High |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | ||||
| CVE-2026-20616 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-15 | 8.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination. | ||||