Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
Max CVSS
5.0
EPSS Score
0.42%
Published
2004-08-18
Updated
2017-07-11
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
Max CVSS
5.0
EPSS Score
93.08%
Published
2004-08-06
Updated
2018-05-03
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
Max CVSS
5.0
EPSS Score
1.54%
Published
2004-12-06
Updated
2017-07-11
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
Max CVSS
5.0
EPSS Score
1.30%
Published
2004-12-06
Updated
2017-07-11
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
Max CVSS
5.0
EPSS Score
2.56%
Published
2004-12-06
Updated
2017-10-11
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
Max CVSS
5.0
EPSS Score
2.27%
Published
2004-12-06
Updated
2017-10-11
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
Max CVSS
5.0
EPSS Score
2.21%
Published
2004-12-06
Updated
2017-10-11
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Max CVSS
5.0
EPSS Score
2.90%
Published
2004-12-23
Updated
2017-07-11
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Max CVSS
5.0
EPSS Score
0.88%
Published
2004-09-16
Updated
2022-09-23
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Max CVSS
5.0
EPSS Score
96.35%
Published
2005-01-27
Updated
2017-10-11
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Max CVSS
5.0
EPSS Score
4.05%
Published
2005-01-27
Updated
2017-10-11
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Max CVSS
5.0
EPSS Score
2.42%
Published
2005-03-01
Updated
2018-10-03
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
0.34%
Published
2005-03-01
Updated
2023-10-30
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
Max CVSS
5.0
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
Max CVSS
5.0
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
Max CVSS
5.0
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
Max CVSS
5.0
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
Max CVSS
5.0
EPSS Score
0.36%
Published
2005-01-10
Updated
2017-07-11
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
Max CVSS
5.0
EPSS Score
0.32%
Published
2005-04-14
Updated
2017-07-11
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Max CVSS
5.0
EPSS Score
4.52%
Published
2004-12-31
Updated
2022-02-28
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
Max CVSS
5.5
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-01-26
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
Max CVSS
5.0
EPSS Score
0.41%
Published
2005-05-02
Updated
2017-07-11
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
Max CVSS
5.0
EPSS Score
1.44%
Published
2005-03-14
Updated
2017-07-11
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
Max CVSS
5.1
EPSS Score
5.50%
Published
2005-03-07
Updated
2008-09-05
37 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!