A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
Max CVSS
7.1
EPSS Score
31.75%
Published
2018-03-02
Updated
2022-04-19
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Max CVSS
6.5
EPSS Score
1.27%
Published
2016-04-19
Updated
2018-10-30
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Max CVSS
4.9
EPSS Score
0.06%
Published
2015-03-12
Updated
2018-10-30
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
Max CVSS
7.2
EPSS Score
93.25%
Published
2007-10-11
Updated
2018-10-15
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
Max CVSS
7.8
EPSS Score
0.92%
Published
2007-11-15
Updated
2008-09-05
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-12-14
Updated
2008-09-05
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-12-14
Updated
2008-09-05
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Max CVSS
5.0
EPSS Score
0.52%
Published
2005-12-31
Updated
2018-10-19
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Max CVSS
10.0
EPSS Score
0.61%
Published
2005-12-31
Updated
2018-10-19
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
Max CVSS
5.0
EPSS Score
5.72%
Published
2005-03-15
Updated
2018-10-03
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Max CVSS
10.0
EPSS Score
33.20%
Published
2005-01-10
Updated
2018-05-03
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.
Max CVSS
1.2
EPSS Score
0.04%
Published
2005-01-10
Updated
2017-07-11
Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.
Max CVSS
6.4
EPSS Score
0.16%
Published
2005-01-10
Updated
2017-10-11
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Max CVSS
10.0
EPSS Score
5.32%
Published
2005-01-10
Updated
2018-10-30
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-01-10
Updated
2018-05-03
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
Max CVSS
5.0
EPSS Score
0.33%
Published
2005-03-01
Updated
2017-07-11
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Max CVSS
5.0
EPSS Score
2.42%
Published
2005-03-01
Updated
2018-10-03
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
Max CVSS
5.0
EPSS Score
0.54%
Published
2005-01-10
Updated
2019-12-17
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
Max CVSS
5.0
EPSS Score
96.35%
Published
2005-01-27
Updated
2017-10-11
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Max CVSS
10.0
EPSS Score
8.82%
Published
2005-01-27
Updated
2017-10-11
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
Max CVSS
10.0
EPSS Score
4.64%
Published
2005-01-27
Updated
2017-07-11
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
Max CVSS
10.0
EPSS Score
7.00%
Published
2005-01-27
Updated
2017-10-11
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
Max CVSS
6.4
EPSS Score
10.59%
Published
2005-01-10
Updated
2017-10-11
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
Max CVSS
7.5
EPSS Score
4.39%
Published
2004-09-16
Updated
2017-10-11
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
Max CVSS
1.2
EPSS Score
0.12%
Published
2004-12-23
Updated
2017-10-11
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!