Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4222 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email.
|
|||||
| CVE-2007-6436 | 1 Justsystem | 1 Ichitaro | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0629 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.
|
|||||
| CVE-2007-1217 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
|
|||||
| CVE-2008-6005 | 1 W3c | 1 Amaya Web Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.
|
|||||
| CVE-2009-1643 | 1 Sorinara | 1 Soritong Mp3 Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
|
|||||
| CVE-2008-0554 | 1 Netpbm | 1 Netpbm | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
|
|||||
| CVE-2006-6696 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
|
|||||
| CVE-2008-4834 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
|
|||||
| CVE-2009-3459 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0950 | 1 Apple | 1 Itunes | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
|
|||||
| CVE-2007-5755 | 1 Aol | 1 Radio | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
|
|||||
| CVE-2007-5246 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
|
|||||
| CVE-2009-2878 | 1 Cisco | 1 Webex | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
|
|||||
| CVE-2008-2548 | 1 Motorola | 1 Razr | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
|
|||||
| CVE-2008-5409 | 3 Bitdefender, Bullguard, Software602 | 4 Antivirus, Bitdefender, Internet Security and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-4657 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
|
|||||
| CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
|
|||||
| CVE-2007-6008 | 1 Autonomy | 3 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-3976 | 1 Labtam-inc | 1 Proftp | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
|
|||||
| CVE-2007-4821 | 1 Edraw | 1 Office Viewer Component | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
|
|||||
| CVE-2006-5142 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.
|
|||||
| CVE-2009-1227 | 1 Checkpoint | 1 Firewall-1 Pki Web Service | 2025-04-09 | 10.0 HIGH | N/A |
|
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with a ...
Show More |
|||||
| CVE-2008-0639 | 2 Microsoft, Novell | 2 Windows, Client | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
|
|||||
| CVE-2009-1098 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
|
|||||
| CVE-2006-5269 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
|
|||||
| CVE-2007-3286 | 1 Avaya | 1 Ip Soft Phone | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2008-6703 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.
|
|||||
| CVE-2008-4547 | 1 Dvrstation | 1 Dvrstation Cms | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.
|
|||||
| CVE-2009-3253 | 1 Tricerasoft | 1 Swift Ultralite | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
|
|||||
| CVE-2007-4642 | 1 Doomsday | 1 Doomsday | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
|
|||||
| CVE-2008-2468 | 1 Landesk | 3 Landesk Management Suite, Landesk Security Suite, Landesk Server Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.
|
|||||
| CVE-2008-4396 | 1 Safer Networking | 1 Filealyzer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.
|
|||||
| CVE-2007-2984 | 1 Media Technology Group | 1 Cdpass Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method.
|
|||||
| CVE-2007-6258 | 2 Apache, F5 | 2 Mod Jk, Big-ip | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
|
|||||
| CVE-2009-2286 | 1 James Ashton | 1 Compface | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.
|
|||||
| CVE-2008-1188 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
|
|||||
| CVE-2009-0840 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
|
|||||
| CVE-2007-6175 | 1 Lhaplus | 1 Lhaplus | 2025-04-09 | 6.6 MEDIUM | N/A |
|
Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
|
|||||
| CVE-2009-3849 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
|
|||||