Vulnerabilities > Numeric Errors
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-26 | CVE-2005-1852 | Numeric Errors vulnerability in multiple products Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | 7.5 |
2005-05-24 | CVE-2005-1704 | Numeric Errors vulnerability in GNU GDB Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | 4.6 |
2004-12-31 | CVE-2004-2731 | Numeric Errors vulnerability in Linux Kernel Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function. | 4.4 |
2003-06-16 | CVE-2003-0372 | Numeric Errors vulnerability in Nessus Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | 4.6 |
2002-12-31 | CVE-2002-2419 | Numeric Errors vulnerability in Dctc Project Dctc 0.83.3 Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. | 7.8 |
2002-12-31 | CVE-2002-2286 | Numeric Errors vulnerability in Apt-Www-Proxy 0.1 The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null dereference. | 5.0 |
2002-12-31 | CVE-2002-2245 | Numeric Errors vulnerability in Netbsd Ftpd ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session. | 5.0 |
2002-12-31 | CVE-2002-2235 | Numeric Errors vulnerability in Jelsoft Vbulletin member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. | 5.0 |