Search
Total
6142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3254 | 1 Ultimatevideosite | 1 Ultimate Player | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | |||||
| CVE-2009-3253 | 1 Tricerasoft | 1 Swift Ultralite | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | |||||
| CVE-2009-3244 | 1 Adobe | 1 Shockwave Player | 2017-09-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. | |||||
| CVE-2009-3235 | 1 Dovecot | 1 Dovecot | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | |||||
| CVE-2009-3170 | 1 Aimp | 1 Aimp2 Audio Converter | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file. | |||||
| CVE-2009-3083 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. | |||||
| CVE-2009-3058 | 1 Aksoft | 1 Akplayer | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file. | |||||
| CVE-2009-2961 | 1 Kolmck | 1 Kol Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file. | |||||
| CVE-2009-2957 | 1 Thekelleys | 1 Dnsmasq | 2017-09-19 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | |||||
| CVE-2009-2934 | 1 Programmedintegration | 1 Pipl | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file. | |||||
| CVE-2009-2917 | 1 Imtoo | 1 Mpeg Encoder | 2017-09-19 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file. | |||||
| CVE-2009-2896 | 1 Kde | 1 Kmplayer | 2017-09-19 | 9.3 HIGH | N/A |
| Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2905 | 1 Fedorahosted | 1 Newt | 2017-09-19 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box. | |||||
| CVE-2009-2837 | 1 Apple | 1 Mac Os X | 2017-09-19 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||||
| CVE-2009-2817 | 1 Apple | 1 Itunes | 2017-09-19 | 9.3 HIGH | N/A |
| Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | |||||
| CVE-2009-2695 | 1 Linux | 1 Linux Kernel | 2017-09-19 | 7.2 HIGH | N/A |
| The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. | |||||
| CVE-2009-2703 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | |||||
| CVE-2009-2650 | 1 Sorcerersoftware | 1 Multimedia Jukebox | 2017-09-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file. | |||||
| CVE-2009-2632 | 1 Cmu | 1 Cyrus Imap Server | 2017-09-19 | 4.4 MEDIUM | N/A |
| Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | |||||
| CVE-2009-2568 | 1 Sorinara | 1 Streaming Audio Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file. | |||||
| CVE-2009-2566 | 1 Tfm | 1 Mmplayer | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file. | |||||
| CVE-2009-2559 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2550 | 1 Ondanera.net | 1 Hamster Audio Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file. | |||||
| CVE-2009-2485 | 1 Tingan | 1 Ht-mp3player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file. | |||||
| CVE-2009-2484 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. | |||||
| CVE-2009-2450 | 1 Tallemu | 2 Online Armor Personal Firewall Av\+, Personal Firewall | 2017-09-19 | 7.2 HIGH | N/A |
| The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL. | |||||
| CVE-2009-2403 | 1 Shinji-chiba | 1 Scmpx | 2017-09-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file. | |||||
| CVE-2009-2384 | 1 Mathi | 1 Peamp | 2017-09-19 | 9.3 HIGH | N/A |
| Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2364 | 1 Mp3-nator | 1 Mp3-nator | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry. | |||||
| CVE-2009-2363 | 1 Yukudr | 1 Audioplus | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument. | |||||
| CVE-2009-2362 | 1 Yukudr | 1 Audioplus | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file. | |||||
| CVE-2009-2227 | 1 Blabsoft | 1 Bopup Communication Server | 2017-09-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810. | |||||
| CVE-2013-0946 | 1 Emc | 1 Alphastor | 2017-09-17 | 9.3 HIGH | N/A |
| Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. | |||||
| CVE-2014-0787 | 1 Wellintech | 1 Kingscada | 2017-09-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2015-3089 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2017-09-17 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093. | |||||
| CVE-2015-3088 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2017-09-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-3093 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2017-09-17 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090. | |||||
| CVE-2015-3796 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-16 | 7.5 HIGH | N/A |
| The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. | |||||
| CVE-2014-9208 | 1 Advantech | 1 Webaccess | 2017-09-16 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | |||||
| CVE-2015-6773 | 1 Google | 1 Chrome | 2017-09-14 | 7.5 HIGH | N/A |
| The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data. | |||||
| CVE-2015-8241 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 6.4 MEDIUM | N/A |
| The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||||
| CVE-2015-6771 | 1 Google | 1 Chrome | 2017-09-14 | 7.5 HIGH | N/A |
| js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2015-7941 | 2 Canonical, Xmlsoft | 2 Ubuntu Linux, Libxml2 | 2017-09-14 | 4.3 MEDIUM | N/A |
| libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. | |||||
| CVE-2015-7497 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-7498 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | |||||
| CVE-2015-6776 | 1 Google | 1 Chrome | 2017-09-14 | 6.8 MEDIUM | N/A |
| The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform. | |||||
| CVE-2015-6764 | 1 Google | 1 Chrome | 2017-09-14 | 7.5 HIGH | N/A |
| The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2015-6778 | 1 Google | 1 Chrome | 2017-09-14 | 7.5 HIGH | N/A |
| The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression. | |||||
| CVE-2015-7109 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-13 | 9.3 HIGH | N/A |
| IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||