Show filters
21 Total Results
Displaying 11-20 of 21
Sort by:
Attacker Value
Unknown
CVE-2018-7514
Disclosure Date: April 17, 2018 (last updated November 26, 2024)
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
0
Attacker Value
Unknown
CVE-2014-7169
Disclosure Date: September 25, 2014 (last updated July 25, 2024)
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
0
Attacker Value
Unknown
CVE-2014-4027
Disclosure Date: June 23, 2014 (last updated October 05, 2023)
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
0
Attacker Value
Unknown
CVE-2014-0196
Disclosure Date: May 07, 2014 (last updated December 20, 2024)
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
0
Attacker Value
Unknown
CVE-2014-0101
Disclosure Date: March 11, 2014 (last updated October 05, 2023)
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
0
Attacker Value
Unknown
CVE-2013-0936
Disclosure Date: March 28, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
0
Attacker Value
Unknown
CVE-2012-3163
Disclosure Date: October 17, 2012 (last updated October 05, 2023)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
0
Attacker Value
Unknown
CVE-2008-6564
Disclosure Date: March 31, 2009 (last updated October 04, 2023)
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.
0
Attacker Value
Unknown
CVE-2007-2489
Disclosure Date: May 03, 2007 (last updated October 04, 2023)
Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.
0
Attacker Value
Unknown
CVE-2007-2490
Disclosure Date: May 03, 2007 (last updated October 04, 2023)
Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.
0