Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3637 | 1 Icculus | 1 Alien Arena | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.
|
|||||
| CVE-2009-3170 | 1 Aimp | 1 Aimp2 Audio Converter | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
|
|||||
| CVE-2009-3995 | 2 Nullsoft, Raphael Assenat | 2 Winamp, Libmikmod | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5691 | 1 Phonecian Casino | 1 Flashax | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
|
|||||
| CVE-2009-2450 | 1 Tallemu | 2 Online Armor Personal Firewall Av\+, Personal Firewall | 2025-04-09 | 7.2 HIGH | N/A |
|
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.
|
|||||
| CVE-2008-2499 | 1 Ibm | 1 Lotus Sametime | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
|
|||||
| CVE-2008-4504 | 1 Herosoft | 1 Hero Dvd Player | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1326 | 1 Mini-stream | 1 Rm Downloader | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
|
|||||
| CVE-2008-3911 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
|
|||||
| CVE-2008-5557 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
|
|||||
| CVE-2007-2987 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
|
|||||
| CVE-2008-2245 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
|
|||||
| CVE-2007-6114 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.
|
|||||
| CVE-2006-6396 | 1 Blazevideo | 1 Hdtv Player | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected.
|
|||||
| CVE-2009-0254 | 1 Easyhdr | 1 Easyhdr | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-0245 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
|
|||||
| CVE-2008-1015 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
|
|||||
| CVE-2008-0532 | 1 Cisco | 3 Acs For Windows, Acs Solution Engine, User Changeable Password | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
|
|||||
| CVE-2008-0100 | 1 White Dune | 1 White Dune | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.
|
|||||
| CVE-2008-2149 | 1 Wordnet | 1 Wordnet | 2025-04-09 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.
|
|||||
| CVE-2007-6254 | 1 Sap | 1 Business Objects | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2009-2406 | 1 Linux | 2 Kernel, Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.
|
|||||
| CVE-2008-0477 | 1 Move Networks Inc | 1 Move Media Player | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1573 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
|
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
|
|||||
| CVE-2008-7009 | 1 Checkpoint | 1 Zonealarm | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1667 | 1 Mini-stream | 1 Castripper | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
|
|||||
| CVE-2007-4675 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
|
|||||
| CVE-2008-3639 | 1 Apple | 1 Cups | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
|
|||||
| CVE-2007-0444 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
|
|||||
| CVE-2008-1108 | 1 Gnome | 1 Evolution | 2025-04-09 | 7.6 HIGH | N/A |
|
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
|
|||||
| CVE-2008-0610 | 1 Ultravnc | 1 Ultravnc | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
|
|||||
| CVE-2009-3711 | 1 Jasper | 1 Httpdx | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2007-5048 | 1 Lhaplus | 1 Lhaplus | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
|
|||||
| CVE-2008-4116 | 1 Apple | 2 Itunes, Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
|
|||||
| CVE-2009-0839 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.
|
|||||
| CVE-2008-1922 | 1 Sarg | 1 Squid Analysis Report Generator | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
|
|||||
| CVE-2007-4814 | 1 Microsoft | 1 Sql Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
|
|||||
| CVE-2007-6026 | 1 Microsoft | 6 Jet, Office, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
|
|||||
| CVE-2007-4584 | 1 Bitchx | 1 Bitchx | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
|
|||||
| CVE-2007-5583 | 1 Cisco | 1 Ip Phone 7940 | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
|
|||||