Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6846 | 1 Avast | 1 Avast Antivirus | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
|
|||||
| CVE-2007-6204 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
|
|||||
| CVE-2009-2727 | 1 Ibm | 1 Aix | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
|
|||||
| CVE-2009-2568 | 1 Sorinara | 1 Streaming Audio Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
|
|||||
| CVE-2007-6265 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
|
|||||
| CVE-2008-3242 | 1 Ppmate | 1 Ppmedia Class | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1056 | 1 Symark | 1 Powerbroker | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.
|
|||||
| CVE-2008-2407 | 1 Ceruleanstudios | 1 Trillian | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
|
|||||
| CVE-2009-2414 | 1 Xmlsoft | 2 Libxml, Libxml2 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
|
|||||
| CVE-2008-0220 | 1 Gateway | 2 Cweblaunchctl Activex Control, Weblaunch | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5814 | 1 Sonicwall | 1 Ssl Vpn | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
|
|||||
| CVE-2009-0450 | 1 Blazevideo | 1 Hdtv Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
|
|||||
| CVE-2009-1176 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 10.0 HIGH | N/A |
|
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
|
|||||
| CVE-2007-5245 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
|
|||||
| CVE-2008-0619 | 1 Nero | 1 Mediaplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
|
|||||
| CVE-2008-3066 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
|
|||||
| CVE-2007-4743 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 10.0 HIGH | N/A |
|
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
|
|||||
| CVE-2008-3658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
|
|||||
| CVE-2009-0833 | 2 Myplugins, Nullsoft | 2 Gen Msn, Winamp | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3623 | 2 Apple, Microsoft | 3 Safari, Windows, Windows Vista | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
|
|||||
| CVE-2007-0734 | 1 Apple | 2 Airport Extreme, Mac Os X | 2025-04-09 | 5.4 MEDIUM | N/A |
|
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.
|
|||||
| CVE-2009-1675 | 1 Electrasoft | 1 32bit Ftp | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.
|
|||||
| CVE-2007-6532 | 1 Xfce | 1 Xfce | 2025-04-09 | 10.0 HIGH | N/A |
|
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
|
|||||
| CVE-2006-5646 | 1 Sophos | 2 Anti-virus, Endpoint Security | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.
|
|||||
| CVE-2008-1017 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
|
|||||
| CVE-2008-6415 | 1 Youngzsoft | 1 Ccproxy | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.
|
|||||
| CVE-2008-1189 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.
|
|||||
| CVE-2008-1040 | 1 Fujitsu | 6 Interstage Application Server Enterprise, Interstage Application Server Standard J, Interstage Apworks Enterprise and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.
|
|||||
| CVE-2008-2242 | 2 Broadcom, Ca | 2 Brightstor Arcserve Backup, Brightstor Arcserve Backup | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
|
|||||
| CVE-2006-6418 | 1 Hp | 1 Tru64 | 2025-04-09 | 7.2 HIGH | N/A |
|
Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable.
|
|||||
| CVE-2009-3234 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
|
|||||
| CVE-2009-1236 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
|
|||||
| CVE-2006-7157 | 1 Google | 1 Earth | 2025-04-09 | 7.1 HIGH | N/A |
|
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
|
|||||
| CVE-2008-7162 | 1 Heroshare | 1 Hero Super Player 3000 | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
|
|||||
| CVE-2009-3050 | 1 Htmldoc | 1 Htmldoc | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.
|
|||||
| CVE-2009-2997 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-5764 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
|
|||||
| CVE-2007-5116 | 6 Debian, Larry Wall, Mandrakesoft and 3 more | 10 Debian Linux, Perl, Mandrake Linux and 7 more | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
|
|||||
| CVE-2007-4267 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
|
|||||
| CVE-2007-5937 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
|
|||||