Total: 13458 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1039 | 1 Cdexos | 1 Cdex | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
|
|||||
| CVE-2009-0844 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
|
|||||
| CVE-2008-1809 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."
|
|||||
| CVE-2008-5234 | 1 Xine | 1 Xine-lib | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
|
|||||
| CVE-2008-6252 | 1 Smcfancontrol | 1 Smcfancontrol | 2025-04-09 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.
|
|||||
| CVE-2009-1449 | 1 Coolplayer | 1 Coolplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
|
|||||
| CVE-2009-0812 | 1 Bpsoft | 1 Hex Workshop | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6922 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc ...
|
|||||
| CVE-2007-6015 | 1 Samba | 1 Samba | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
|
|||||
| CVE-2009-3846 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.
|
|||||
| CVE-2009-2479 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.8 HIGH | N/A |
|
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
|
|||||
| CVE-2007-1083 | 1 Verisign | 1 Mpki | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
|
|||||
| CVE-2007-0886 | 1 Gecad Technologies | 1 Axigen Mail Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
|
|||||
| CVE-2006-6293 | 1 F-prot | 1 F-prot Antivirus | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
|
|||||
| CVE-2008-0727 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 8.5 HIGH | N/A |
|
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
|
|||||
| CVE-2007-6478 | 1 Rosoftengineering | 1 Rosoft Media Player | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5616 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
|
|||||
| CVE-2009-1497 | 1 Gomlab | 1 Gom Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
|
|||||
| CVE-2009-0476 | 1 Multimediasoft | 5 Audio Dj Studio For .net, Audio Sound Editer For .net, Audio Sound Recorder For .net and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5358 | 1 Digium | 1 Asterisk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
|
|||||
| CVE-2008-0634 | 1 Sejoong Namo | 2 Activesquare, Namoinstall.1 Activex Control | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551.
|
|||||
| CVE-2009-4265 | 1 Pointdev | 1 Ideal Administration 2009 | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.
|
|||||
| CVE-2008-1052 | 1 Netwin | 1 Surgeftp | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
|
|||||
| CVE-2008-0958 | 1 Nctsoft | 1 Nctaudioeditor Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2009-0146 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
|
|||||
| CVE-2008-2021 | 1 Lhaplus | 1 Lhaplus | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive.
|
|||||
| CVE-2009-0909 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
|
|||||
| CVE-2008-1444 | 1 Microsoft | 6 Directx, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
|
|||||
| CVE-2007-5325 | 1 Broadcom | 2 Brightstor Arcserve Backup, Brightstor Enterprise Backup | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2008-3854 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
|
|||||
| CVE-2008-0247 | 1 Ibm | 1 Tivoli Storage Manager Express | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.
|
|||||
| CVE-2008-4588 | 1 Etype | 1 Eserv | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
|
|||||
| CVE-2008-7103 | 1 Najdi.si | 1 Toolbar | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
|
|||||
| CVE-2008-2910 | 1 Muvee | 1 Autoproducer | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute arbitrary code via a long FontSetting property value.
|
|||||
| CVE-2008-0364 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
|
|||||
| CVE-2008-0955 | 1 Creative | 1 Creative Software Autoupdate Engine | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
|
|||||
| CVE-2009-0305 | 2 Microsoft, Research In Motion Limited | 2 Internet Explorer, Blackberry Application Web Loader | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
|
|||||
| CVE-2009-0590 | 2 Debian, Openssl | 2 Debian Linux, Openssl | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
|
|||||
| CVE-2007-5767 | 1 Novell | 1 Bordermanager | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.
|
|||||
| CVE-2008-6821 | 1 Ibm | 1 Db2 | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
|
|||||