Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0096 | 1 Georgia Softworks | 1 Ssh2 Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password.
|
|||||
| CVE-2008-1959 | 1 Sipp | 1 Sipp | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0225 | 1 Xine | 1 Xine-lib | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6009 | 1 Acdsee | 3 Photo Editor, Photo Manager, Pro Photo Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
|
|||||
| CVE-2007-1592 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.
|
|||||
| CVE-2008-6899 | 1 Freesshd | 1 Freesshd | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.
|
|||||
| CVE-2007-1938 | 1 Ichitaro | 1 Ichitaro | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).
|
|||||
| CVE-2009-1515 | 1 Christos Zoulas | 1 File | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0311 | 1 Borland | 1 Caliberrm | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
|
|||||
| CVE-2009-4486 | 1 Novell | 1 Imanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema.
|
|||||
| CVE-2008-4564 | 3 Autonomy, Ibm, Symantec | 10 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 7 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
|
|||||
| CVE-2007-6341 | 1 Net Dns | 1 Net Dns | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
|
|||||
| CVE-2009-4117 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2896 | 1 Kde | 1 Kmplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6699 | 1 Aol | 1 Ygp Piceditor Activex Control | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.
|
|||||
| CVE-2007-4337 | 1 Streamripper | 1 Streamripper | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.
|
|||||
| CVE-2008-0659 | 2 Aurigma, Myspace | 2 Image Uploader Activex Control, Myspaceuploader | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.
|
|||||
| CVE-2008-7249 | 1 Pedro Lineu Orso | 1 Sarg | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.
|
|||||
| CVE-2008-0006 | 2 Sun, X.org | 3 Solaris Libfont, Solaris Libxfont, Xserver | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
|
|||||
| CVE-2009-2203 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
|
|||||
| CVE-2007-3901 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 8.5 HIGH | N/A |
|
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
|
|||||
| CVE-2007-6631 | 1 Lscube | 1 Libnemesi | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) ...
Show More |
|||||
| CVE-2009-0898 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.
|
|||||
| CVE-2008-2377 | 1 Gnu | 1 Gnutls | 2025-04-09 | 7.6 HIGH | N/A |
|
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.
|
|||||
| CVE-2007-4561 | 1 Realnetworks | 1 Helix Dna Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
|
|||||
| CVE-2007-4730 | 1 X.org | 1 Xorg-server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
|
|||||
| CVE-2008-6679 | 1 Ghostscript | 1 Ghostscript | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
|
|||||
| CVE-2009-1351 | 1 Heikki Ylinen | 1 Apollo | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
|
|||||
| CVE-2009-2767 | 1 Linux | 2 Kernel, Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
|
|||||
| CVE-2007-0670 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
|
|||||
| CVE-2007-1579 | 1 Atrium Software | 2 Mercur Imapd, Mercur Messaging 2005 | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
|
|||||
| CVE-2008-3257 | 3 Bea, Bea Systems, Oracle | 4 Weblogic Server, Apache Connector In Weblogic Server, Weblogic Server and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
|
|||||
| CVE-2007-2459 | 1 Tony Cook | 1 Imager | 2025-04-09 | 7.8 HIGH | N/A |
|
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
|
|||||
| CVE-2007-0061 | 2 Canonical, Vmware | 6 Ubuntu Linux, Ace, Esx and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
|
|||||
| CVE-2008-2214 | 1 Castle Rock | 1 Snmpc | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
|
|||||
| CVE-2009-2570 | 1 Symantec | 1 Winfax Pro | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
|
|||||
| CVE-2008-5753 | 1 Bpftp | 1 Bulletproof Ftp Client | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
|
|||||
| CVE-2009-0953 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
|||||
| CVE-2009-0449 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-09 | 7.2 HIGH | N/A |
|
Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
|
|||||
| CVE-2007-3333 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
|
|||||