Search
Total
6142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4274 | 1 Netpbm | 1 Netpbm | 2017-08-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. | |||||
| CVE-2009-4251 | 1 Corel | 1 Paint Shop Pro | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366. | |||||
| CVE-2009-4243 | 3 Apple, Microsoft, Realnetworks | 6 Mac Os X, Windows, Helix Player and 3 more | 2017-08-17 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." | |||||
| CVE-2009-4240 | 1 Ibm | 1 Infosphere Information Server | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. | |||||
| CVE-2009-4227 | 1 Xfig | 1 Xfig | 2017-08-17 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4201 | 1 Assistanttools | 1 Mp3 Tag Assistance Professional | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field. | |||||
| CVE-2009-4186 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-08-17 | 9.3 HIGH | N/A |
| Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | |||||
| CVE-2009-4124 | 1 Ruby-lang | 1 Ruby | 2017-08-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4097 | 1 Malsmith | 1 Serenity Audio Player | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3977 | 1 Hp | 1 Openview Network Node Manager | 2017-08-17 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. | |||||
| CVE-2009-3938 | 1 Poppler | 1 Poppler | 2017-08-17 | 6.8 MEDIUM | N/A |
| Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. | |||||
| CVE-2009-3924 | 2 Punkbuster, Raven Software | 2 Punkbuster, Soldier Of Fortune 2 | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet. | |||||
| CVE-2009-3878 | 2 Intevydis, Sun | 2 Vulndisco Pack, Java System Web Server | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3790 | 1 Cutepdf | 1 Formmax | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3699 | 1 Ibm | 2 Aix, Vios | 2017-08-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd. | |||||
| CVE-2009-3484 | 1 Coreftp | 1 Core Ftp | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3476 | 1 Internet2 | 3 Opensaml, Shibboleth-sp, Xmltooling | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL. | |||||
| CVE-2009-3483 | 1 Globalscape | 1 Cuteftp | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label. | |||||
| CVE-2009-3221 | 1 Basicunivers.free.fr | 1 Audio Lib Player | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file. | |||||
| CVE-2009-3213 | 1 Broid | 1 Broid | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file. | |||||
| CVE-2009-3183 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-3033 | 1 Symantec | 3 Altiris Deployment Solution, Altiris Management Platform, Altiris Notification Server | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument. | |||||
| CVE-2009-2880 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | |||||
| CVE-2009-2879 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878. | |||||
| CVE-2009-2878 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879. | |||||
| CVE-2009-2877 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | |||||
| CVE-2009-2876 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879. | |||||
| CVE-2009-2875 | 1 Cisco | 1 Webex | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | |||||
| CVE-2009-2865 | 1 Cisco | 2 Ios, Unified Communications Manager Express | 2017-08-17 | 7.6 HIGH | N/A |
| Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779. | |||||
| CVE-2009-2807 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-2800 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | |||||
| CVE-2009-2767 | 1 Linux | 2 Kernel, Linux Kernel | 2017-08-17 | 7.2 HIGH | N/A |
| The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. | |||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2017-08-17 | 9.3 HIGH | N/A |
| Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||
| CVE-2009-2434 | 1 Ibm | 1 Aix | 2017-08-17 | 7.2 HIGH | N/A |
| Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-2225 | 1 Surething | 1 Surething Cd\/dvd Labeler | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2193 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 10.0 HIGH | N/A |
| Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. | |||||
| CVE-2009-2188 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. | |||||
| CVE-2009-2121 | 1 Google | 1 Chrome | 2017-08-17 | 9.3 HIGH | N/A |
| Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. | |||||
| CVE-2009-1897 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 6.9 MEDIUM | N/A |
| The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894. | |||||
| CVE-2009-1885 | 1 Apache | 1 Xerces-c\+\+ | 2017-08-17 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2009-1791 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. | |||||
| CVE-2009-1788 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2017-08-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. | |||||
| CVE-2009-1740 | 1 Dlink | 1 Mpeg4 Viewer Activex Control | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | |||||
| CVE-2009-1640 | 1 Nucleustechnologies | 1 Kernel Recovery | 2017-08-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file. | |||||
| CVE-2009-1606 | 1 Dafolo | 1 Dafolocontrol | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1520 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2017-08-17 | 10.0 HIGH | N/A |
| Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-1490 | 1 Sendmail | 1 Sendmail | 2017-08-17 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. | |||||
| CVE-2009-1476 | 1 Darren Reed | 1 Ipfilter | 2017-08-17 | 7.2 HIGH | N/A |
| Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL. | |||||