| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. |
| Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
| Delete or create a file via rpc.statd, due to invalid information. |
| Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. |
| BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
| IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. |
| IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. |
