Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2002-12-23 CVE-2002-1357 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
10.0
2002-10-28 CVE-2002-1222 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Catos
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
network
cisco CWE-119
7.1
2002-10-28 CVE-2002-1200 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oneidentity Syslog-Ng
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
network
low complexity
oneidentity CWE-119
7.5
2002-10-11 CVE-2002-1174 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.
network
low complexity
fetchmail CWE-119
7.5
2002-08-12 CVE-2002-0813 Buffer Errors vulnerability in Cisco IOS 11.1/11.2/11.3
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
network
cisco CWE-119
7.1
2002-08-12 CVE-2002-0649 Buffer Errors vulnerability in Microsoft Data Engine and SQL Server
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
network
low complexity
microsoft CWE-119
7.5
2002-03-15 CVE-2002-0070 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
network
high complexity
microsoft CWE-119
7.6
2002-03-08 CVE-2002-0053 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request.
network
low complexity
microsoft CWE-119
7.5
2001-12-31 CVE-2001-1582 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Solaris and Sunos
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
local
low complexity
sun CWE-119
7.2
2001-12-31 CVE-2001-1539 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 6.0.2900
Stack consumption vulnerability in the JavaScript setTimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash).
network
low complexity
microsoft CWE-119
5.0