Total: 13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1218 | 1 Tcpdump | 1 Tcpdump | 2025-04-09 | 6.8 MEDIUM | N/A |
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
| CVE-2008-1282 | 1 B21soft | 1 Bfup | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.
| CVE-2008-2080 | 1 Nasa Goddard Space Flight Center | 1 Common Data Format | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
| CVE-2007-5029 | 1 Dibbler | 1 Dibbler | 2025-04-09 | 5.0 MEDIUM | N/A |
Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.
| CVE-2008-2100 | 1 Vmware | 8 Ace, Esx, Esx Server and 5 more | 2025-04-09 | 7.2 HIGH | N/A |
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
| CVE-2009-1353 | 1 Sebastian Fernandez | 1 Zervit | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c.
| CVE-2008-0590 | 1 Progress | 1 Ws Ftp Server | 2025-04-09 | 9.0 HIGH | N/A |
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
| CVE-2008-0778 | 1 Apple | 1 Quicktime | 2025-04-09 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
| CVE-2007-5256 | 1 Mcdu | 1 Fsd | 2025-04-09 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command.
| CVE-2008-3126 | 1 Fujitsu | 1 Serverview | 2025-04-09 | 6.5 MEDIUM | N/A |
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
| CVE-2007-0005 | 2 Linux, Omnikey.aaitg | 2 Linux Kernel, Omnikey Cardman 4040 | 2025-04-09 | 6.9 MEDIUM | N/A |
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
| CVE-2007-4664 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
| CVE-2008-0443 | 1 Lycos | 1 Fileuploader.dll | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information.
| CVE-2009-0363 | 2 Barnowl, Ktools | 2 Barnowl, Owl | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
| CVE-2007-5018 | 1 David Harris | 1 Mercury 32 | 2025-04-09 | 6.0 MEDIUM | N/A |
Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
| CVE-2009-0154 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
| CVE-2007-4672 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | 7.6 HIGH | N/A |
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
| CVE-2008-2158 | 1 Emc Corporation | 1 Alphastor | 2025-04-09 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
| CVE-2008-0973 | 1 Double-take Software | 1 Double-take | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.
| CVE-2008-7232 | 1 Netplex-tech | 1 Xtacacsd | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
| CVE-2009-0306 | 2 Ibm, Rim | 2 Lotus Notes Intellisync, Blackberry Desktop Software | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information.
| CVE-2007-0160 | 1 Centericq | 1 Centericq | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
| CVE-2009-4004 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
| CVE-2007-5067 | 1 Imatix | 1 Xitami | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
| CVE-2008-1865 | 1 Openmosix Project | 1 Openmosix | 2025-04-09 | 1.9 LOW | N/A |
Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this function with a long item argument. NOTE: the vendor does not provide any program that is capable of causing this overflow.
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
| CVE-2008-1491 | 1 Asus | 1 Remote Console | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
| CVE-2006-5176 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".
| CVE-2007-3374 | 1 Redhat | 1 Cluster Suite | 2025-04-09 | 4.6 MEDIUM | N/A |
Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.
| CVE-2009-0849 | 3 Linux, Microsoft, Novastor | 3 Linux Kernel, Windows, Novanet | 2025-04-09 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
| CVE-2008-5359 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
| CVE-2007-5623 | 1 Nagios | 1 Plugins | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
| CVE-2008-0553 | 1 Tcl Tk | 1 Tcl Tk | 2025-04-09 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
| CVE-2009-2281 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 10.0 HIGH | N/A |
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
| CVE-2008-1010 | 1 Apple | 1 Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
| CVE-2007-2952 | 1 Blue Coat Systems | 2 Filter, K9 Web Protection | 2025-04-09 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
| CVE-2009-0184 | 1 Free Download Manager | 1 Free Download Manager | 2025-04-09 | 9.3 HIGH | N/A |
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
| CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
| CVE-2008-1497 | 1 Netwin | 1 Surgemail | 2025-04-09 | 9.0 HIGH | N/A |
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.