SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Max CVSS
8.1
EPSS Score
92.34%
Published
2018-12-21
Updated
2021-07-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Max CVSS
10.0
EPSS Score
0.61%
Published
2005-12-31
Updated
2018-10-19
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
Max CVSS
10.0
EPSS Score
5.47%
Published
2005-01-10
Updated
2017-10-11
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
Max CVSS
10.0
EPSS Score
2.21%
Published
2005-01-10
Updated
2017-10-11
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Max CVSS
10.0
EPSS Score
11.69%
Published
2004-12-31
Updated
2017-10-11
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Max CVSS
10.0
EPSS Score
11.65%
Published
2005-01-27
Updated
2017-10-11
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Max CVSS
10.0
EPSS Score
74.20%
Published
2005-01-27
Updated
2018-05-03
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
Max CVSS
10.0
EPSS Score
0.79%
Published
2003-06-16
Updated
2017-10-11
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Max CVSS
10.0
EPSS Score
0.85%
Published
2003-02-19
Updated
2024-02-02
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
Max CVSS
10.0
EPSS Score
0.87%
Published
2002-03-15
Updated
2024-02-02
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.
Max CVSS
10.0
EPSS Score
4.50%
Published
2001-03-26
Updated
2017-10-10
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
Max CVSS
10.0
EPSS Score
4.25%
Published
2001-03-26
Updated
2017-10-10
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
Max CVSS
10.0
EPSS Score
2.10%
Published
2000-01-08
Updated
2017-07-11
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
Max CVSS
10.0
EPSS Score
1.07%
Published
2000-01-08
Updated
2017-07-11
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
Max CVSS
10.0
EPSS Score
0.54%
Published
2000-12-11
Updated
2017-10-10

CVE-2000-0917

Public exploit
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
Max CVSS
10.0
EPSS Score
95.71%
Published
2000-12-19
Updated
2017-10-10
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
Max CVSS
10.0
EPSS Score
0.48%
Published
2000-11-14
Updated
2018-10-30
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
8.05%
Published
2000-07-16
Updated
2018-05-03
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
1.90%
Published
2000-05-16
Updated
2020-01-21
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
1.90%
Published
2000-05-16
Updated
2020-01-21
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
3.70%
Published
2000-05-16
Updated
2020-01-21

CVE-2000-0322

Public exploit
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
Max CVSS
10.0
EPSS Score
23.67%
Published
2000-04-24
Updated
2016-09-17

CVE-2000-0248

Public exploit
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
Max CVSS
10.0
EPSS Score
1.33%
Published
2000-04-24
Updated
2008-09-10
An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.
Max CVSS
10.0
EPSS Score
0.44%
Published
2000-01-21
Updated
2022-08-17
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
Max CVSS
10.0
EPSS Score
4.53%
Published
1999-12-21
Updated
2022-08-17
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!