Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31875 | 1 Cesanta | 1 Mongooseos Mjs | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact." | |||||
| CVE-2010-5331 | 1 Linux | 1 Linux Kernel | 2024-04-11 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used | |||||
| CVE-2024-1441 | 2024-04-01 | N/A | 5.5 MEDIUM | ||
| An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. | |||||
| CVE-2024-23849 | 1 Linux | 1 Linux Kernel | 2024-03-25 | N/A | 5.5 MEDIUM |
| In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. | |||||
| CVE-2004-0005 | 1 Gaim Project | 1 Gaim | 2024-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. | |||||
| CVE-2004-0342 | 1 Wftpd Pro Server Project | 1 Wftpd Pro Server | 2024-02-16 | 2.1 LOW | 5.5 MEDIUM |
| WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | |||||
| CVE-2003-0356 | 1 Ethereal | 1 Ethereal | 2024-02-16 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. | |||||
| CVE-2023-28709 | 3 Apache, Debian, Netapp | 3 Tomcat, Debian Linux, 7-mode Transition Tool | 2024-02-16 | N/A | 7.5 HIGH |
| The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. | |||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2024-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | |||||
| CVE-2002-1745 | 1 Microsoft | 1 Internet Information Services | 2024-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | |||||
| CVE-2002-1816 | 1 Redshift | 1 Atphttpd | 2024-02-15 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2006-4574 | 1 Wireshark | 1 Wireshark | 2024-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. | |||||
| CVE-2002-1721 | 1 Pldaniels | 1 Altermime | 2024-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte. | |||||
| CVE-2003-0625 | 1 Hadrons | 1 Xfstt | 2024-02-15 | 6.4 MEDIUM | 7.5 HIGH |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | |||||
| CVE-2003-0466 | 7 Apple, Freebsd, Netbsd and 4 more | 8 Mac Os X, Mac Os X Server, Freebsd and 5 more | 2024-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | |||||
| CVE-2001-1496 | 1 Acme | 1 Thttpd | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2021-3156 | 8 Beyondtrust, Debian, Fedoraproject and 5 more | 27 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 24 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | |||||
| CVE-2003-0252 | 1 Linux-nfs | 1 Nfs-utils | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | |||||
| CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2024-02-02 | 2.1 LOW | 5.5 MEDIUM |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
| CVE-2002-0083 | 9 Conectiva, Engardelinux, Immunix and 6 more | 11 Linux, Secure Linux, Immunix and 8 more | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. | |||||