Search
Total
6142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3374 | 1 Redhat | 1 Cluster Suite | 2017-10-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. | |||||
| CVE-2007-3294 | 1 Php | 1 Php | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. | |||||
| CVE-2007-3169 | 1 Edraw | 1 Office Viewer Component | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | |||||
| CVE-2007-3105 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. | |||||
| CVE-2007-2668 | 1 Webdesproxy | 1 Webdesproxy | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c. | |||||
| CVE-2007-2365 | 1 Adobe | 4 Golive, Illustrator, Photoshop and 1 more | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | |||||
| CVE-2007-2244 | 1 Adobe | 3 Golive, Illustrator, Photoshop | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | |||||
| CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | |||||
| CVE-2007-1592 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. | |||||
| CVE-2007-1580 | 1 Ftpdmin | 1 Ftpdmin | 2017-10-11 | 6.3 MEDIUM | N/A |
| FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument. | |||||
| CVE-2007-1579 | 1 Atrium Software | 2 Mercur Imapd, Mercur Messaging 2005 | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. | |||||
| CVE-2007-1413 | 1 Php | 1 Php | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). | |||||
| CVE-2007-1347 | 1 Microsoft | 3 Windows 2000, Windows Explorer, Windows Xp | 2017-10-11 | 7.1 HIGH | N/A |
| Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll. | |||||
| CVE-2007-1218 | 1 Tcpdump | 1 Tcpdump | 2017-10-11 | 6.8 MEDIUM | N/A |
| Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. | |||||
| CVE-2007-1041 | 1 Sandh | 1 News Rover | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | |||||
| CVE-2007-0790 | 1 Smartftp | 1 Smartftp | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | |||||
| CVE-2007-0464 | 2 Apple, Cfnetwork | 2 Mac Os X, Cfnetwork | 2017-10-11 | 5.0 MEDIUM | N/A |
| The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | |||||
| CVE-2007-0236 | 1 Apple | 1 Mac Os X | 2017-10-11 | 10.0 HIGH | N/A |
| Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | |||||
| CVE-2007-0235 | 1 Libgtop | 1 Libgtop | 2017-10-11 | 3.7 LOW | N/A |
| Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. | |||||
| CVE-2007-0016 | 1 Netfarer | 1 Movieplay | 2017-10-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. | |||||
| CVE-2006-4262 | 1 Cscope | 1 Cscope | 2017-10-11 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | |||||
| CVE-2006-4146 | 1 Gnu | 1 Gdb | 2017-10-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations. | |||||
| CVE-2006-3463 | 1 Libtiff | 1 Libtiff | 2017-10-11 | 7.8 HIGH | N/A |
| The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. | |||||
| CVE-2006-3462 | 1 Libtiff | 1 Libtiff | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. | |||||
| CVE-2006-3460 | 1 Libtiff | 1 Libtiff | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). | |||||
| CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | |||||
| CVE-2006-0481 | 1 Greg Roelofs | 1 Libpng | 2017-10-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image. | |||||
| CVE-2005-2922 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2017-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. | |||||
| CVE-2005-4872 | 1 Pcre | 1 Pcre | 2017-10-11 | 4.3 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||
| CVE-2005-1462 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2006-1857 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 9.0 HIGH | N/A |
| Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. | |||||
| CVE-2003-1461 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). | |||||
| CVE-2002-1357 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||||
| CVE-2003-1375 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. | |||||
| CVE-2004-0694 | 1 Tsugio Okamoto | 1 Lha | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | |||||
| CVE-2003-1359 | 2 Avaya, Hp | 2 Predictive Dialer System, Hp-ux | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | |||||
| CVE-2005-0504 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. | |||||
| CVE-2005-0256 | 1 Washington University | 1 Wu-ftpd | 2017-10-11 | 5.0 MEDIUM | N/A |
| The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command. | |||||
| CVE-2005-0247 | 1 Postgresql | 1 Postgresql | 2017-10-11 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. | |||||
| CVE-2003-1339 | 1 Ezmeeting | 1 Ezmeeting | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll. | |||||
| CVE-2004-2719 | 1 Foxmail | 1 Foxmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339. | |||||
| CVE-2004-2685 | 1 Youngzsoft | 1 Ccproxy | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416. | |||||
| CVE-2004-2541 | 1 Cscope | 1 Cscope | 2017-10-11 | 6.9 MEDIUM | N/A |
| Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | |||||
| CVE-2005-0177 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.8 HIGH | N/A |
| nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow. | |||||
| CVE-2004-0368 | 3 Ibm, Open Group, Xi Graphics | 3 Aix, Cde Common Desktop Environment, Dextop | 2017-10-11 | 10.0 HIGH | N/A |
| Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. | |||||
| CVE-2004-0234 | 8 Clearswift, F-secure, Rarlab and 5 more | 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. | |||||
| CVE-2001-0819 | 1 Fetchmail | 1 Fetchmail | 2017-10-10 | 7.5 HIGH | N/A |
| A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | |||||
| CVE-2001-0803 | 1 Open Group | 1 Cde Common Desktop Environment | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0629 | 1 Hp | 1 Openview Network Node Manager | 2017-10-10 | 10.0 HIGH | N/A |
| HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter. | |||||
| CVE-2012-4988 | 1 Xnview | 1 Xnview | 2017-10-05 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file. | |||||