Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4227 | 1 Xfig | 1 Xfig | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1915 | 1 Icq | 1 Icq | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
|
|||||
| CVE-2009-0220 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
|
|||||
| CVE-2008-1403 | 1 Bootmanage | 2 Administrator, Tftpd | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.
|
|||||
| CVE-2008-1092 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
|
|||||
| CVE-2008-3108 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
|
|||||
| CVE-2008-1611 | 1 Tftp-server | 1 Winagents Tftp Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
|
|||||
| CVE-2007-5601 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
|
|||||
| CVE-2007-5690 | 1 Asterisk | 1 Zaptel | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed
|
|||||
| CVE-2007-4943 | 1 Baofeng | 1 Storm | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6881 | 1 Stavros Markou | 1 Atmelwlandriver | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument.
|
|||||
| CVE-2009-2175 | 1 Henning Makholm | 1 Xcftools | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5282 | 1 W3c | 1 Amaya Web Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
|
|||||
| CVE-2009-0443 | 1 Elecard | 1 Elecard Avc Hd Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL.
|
|||||
| CVE-2007-5252 | 1 Netsupport | 2 Netsupport Manager Client, Netsupport School Student | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible.
|
|||||
| CVE-2006-3448 | 1 Microsoft | 1 Step-by-step Interactive Training | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
|
|||||
| CVE-2008-1161 | 1 Matroska | 1 Demuxer | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
|
|||||
| CVE-2008-3635 | 3 Apple, Intel, Microsoft | 5 Quicktime, Indeo, Windows-nt and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
|||||
| CVE-2009-1633 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-09 | 7.1 HIGH | N/A |
|
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
|
|||||
| CVE-2008-0924 | 1 Novell | 1 Edirectory | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.
|
|||||
| CVE-2009-0569 | 1 Rimarts | 1 Becky\! Internet Mail | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request.
|
|||||
| CVE-2008-3558 | 1 Cisco | 1 Webex Meeting Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
|
|||||
| CVE-2009-0951 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.
|
|||||
| CVE-2008-1104 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
|
|||||
| CVE-2009-1328 | 1 Mini-stream | 1 Rm-mp3 Converter | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
|
|||||
| CVE-2007-5769 | 1 Netkit-ftp | 1 Netkit Ftp | 2025-04-09 | 10.0 HIGH | N/A |
|
Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.
|
|||||
| CVE-2007-4776 | 1 Microsoft | 1 Visual Basic | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
|
|||||
| CVE-2006-5552 | 1 Revilloc Solutions | 1 Revilloc Mailserver | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO command.
|
|||||
| CVE-2007-3039 | 1 Microsoft | 3 Message Queuing, Windows 2000, Windows Xp | 2025-04-09 | 9.0 HIGH | N/A |
|
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
|
|||||
| CVE-2009-1759 | 1 Rahul | 2 Ctorrent, Dtorrent | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
|
|||||
| CVE-2007-0988 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
|
|||||
| CVE-2009-2817 | 1 Apple | 1 Itunes | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
|
|||||
| CVE-2007-1037 | 1 Rsbr-software | 1 News File Grabber | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4020 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
|
|||||
| CVE-2009-4482 | 1 Tversity | 1 Tversity | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2009-4049 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2025-04-09 | 7.2 HIGH | N/A |
|
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
|
|||||
| CVE-2008-0127 | 1 Mcafee | 1 E-business Server | 2025-04-09 | 8.8 HIGH | N/A |
|
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
|
|||||
| CVE-2007-4666 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
|
|||||
| CVE-2008-0882 | 1 Cups | 1 Cups | 2025-04-09 | 10.0 HIGH | N/A |
|
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5092 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.
|
|||||