Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2238 | 1 Openoffice | 1 Openoffice.org | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
|
|||||
| CVE-2008-5229 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
|
|||||
| CVE-2009-1602 | 1 Pablosoftwaresolutions | 1 Quick\'n Easy Mail Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands.
|
|||||
| CVE-2009-4362 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1628 | 2 Microsoft, Unisys | 2 Windows, Business Information Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
|
|||||
| CVE-2007-5807 | 1 Ssreader | 1 Ultra Star Reader | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5281 | 1 South River Technologies | 1 Titan Ftp Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
|
|||||
| CVE-2008-0320 | 1 Openoffice | 1 Openoffice.org | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
|
|||||
| CVE-2008-4664 | 1 Qvod | 1 Qvod Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0152 | 1 Seattle Lab Software | 1 Slnet Rf Telnet Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.
|
|||||
| CVE-2007-6092 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
|
|||||
| CVE-2009-1611 | 1 Electrasoft | 1 32bit Ftp | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.
|
|||||
| CVE-2007-0777 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
|
|||||
| CVE-2006-4514 | 1 Libgsf | 1 Libgsf | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
|
|||||
| CVE-2007-6245 | 1 Adobe | 1 Flash Player | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
|
|||||
| CVE-2009-2549 | 1 Bistudio | 2 Arma, Arma 2 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service via a join packet with a final field whose value is (1) 0, which triggers a server crash related to memory allocation, or (2) 1, which triggers CPU/memory consumption and a NULL pointer dereference.
|
|||||
| CVE-2008-3430 | 1 Eyeball Networks | 1 Eyeball Messenger Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
|
|||||
| CVE-2007-5082 | 1 Broadcom | 1 Brightstor Hierarchical Storage Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.
|
|||||
| CVE-2008-0586 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.
|
|||||
| CVE-2007-6697 | 1 Sdl | 1 Sdl Image | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6561 | 1 Pdflib | 1 Pdflib | 2025-04-09 | 5.7 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
|
|||||
| CVE-2009-2662 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.
|
|||||
| CVE-2009-2850 | 1 Nasa Goddard Space Flight Center | 1 Common Data Format | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.
|
|||||
| CVE-2009-3560 | 3 Apache, Libexpat Project, Xmltwig | 3 Http Server, Libexpat, Xml-twig For Perl | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
|
|||||
| CVE-2007-0326 | 1 Photochannel | 1 Pni Digital Media Upload Plugin Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2009-2433 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
|
|||||
| CVE-2008-4654 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
|
|||||
| CVE-2007-1819 | 1 Hp | 1 Mercury Quality Center | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
|
|||||
| CVE-2007-1214 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
|
|||||
| CVE-2009-3807 | 1 Mixvibes | 1 Mixvibes | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
|
|||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate ...
Show More |
|||||
| CVE-2007-6255 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows Server 2003 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
|
|||||
| CVE-2006-6134 | 1 Microsoft | 1 Windows Media Player | 2025-04-09 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
|
|||||
| CVE-2009-0017 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.
|
|||||
| CVE-2009-3952 | 1 Adobe | 1 Illustrator | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-0018 | 33 Altdo, Americanshareware, Audio Edit Magic and 30 more | 81 Convert Mp3 Master, Mp3 Record And Edit Audio Master, Mp3 Wav Converter and 78 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others ...
Show More |
|||||
| CVE-2008-2786 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
|
|||||
| CVE-2007-6510 | 1 Prowizard | 1 Prowizard 4 Pc | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
|
|||||
| CVE-2009-1068 | 1 Bsplayer | 1 Bs.player | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
|
|||||
| CVE-2006-5266 | 1 Microsoft | 1 Dynamics Gp | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.
|
|||||