Search
Total
1182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1351 | 7 Mandrakesoft, Openbsd, Redhat and 4 more | 11 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 8 more | 2018-10-16 | 8.5 HIGH | N/A |
| Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. | |||||
| CVE-2007-0062 | 1 Vmware | 5 Ace, Player, Server and 2 more | 2018-10-16 | 10.0 HIGH | N/A |
| Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. | |||||
| CVE-2007-0008 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. | |||||
| CVE-2006-7228 | 1 Pcre | 1 Pcre | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | |||||
| CVE-2008-0986 | 1 Google | 1 Android Sdk | 2018-10-15 | 7.5 HIGH | N/A |
| Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | |||||
| CVE-2008-0944 | 1 Ipswitch | 1 Instant Messaging | 2018-10-15 | 5.0 MEDIUM | N/A |
| Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | |||||
| CVE-2008-0767 | 2 Extremez, Extremez-ip | 2 Print Server, File Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read. | |||||
| CVE-2008-0726 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-15 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. | |||||
| CVE-2008-0486 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2018-10-15 | 7.5 HIGH | N/A |
| Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. | |||||
| CVE-2008-0485 | 1 Mplayer | 1 Mplayer | 2018-10-15 | 9.3 HIGH | N/A |
| Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. | |||||
| CVE-2008-0434 | 1 Gecad Technologies | 1 Axigen Mail Server | 2018-10-15 | 9.3 HIGH | N/A |
| Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. | |||||
| CVE-2007-6627 | 1 Feng | 1 Feng | 2018-10-15 | 7.5 HIGH | N/A |
| Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff. | |||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | |||||
| CVE-2007-6429 | 1 X.org | 3 Evi, Mit-shm, Xserver | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. | |||||
| CVE-2007-6352 | 1 Libexif | 1 Libexif | 2018-10-15 | 6.8 MEDIUM | N/A |
| Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. | |||||
| CVE-2007-6113 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 4.3 MEDIUM | N/A |
| Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. | |||||
| CVE-2007-6067 | 2 Postgresql, Tcl Tk | 2 Postgresql, Tcl Tk | 2018-10-15 | 6.8 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. | |||||
| CVE-2007-5966 | 1 Linux | 1 Linux Kernel | 2018-10-15 | 7.2 HIGH | N/A |
| Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5497 | 1 Ext2 Filesystems Utilities | 1 E2fsprogs | 2018-10-15 | 5.8 MEDIUM | N/A |
| Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | |||||
| CVE-2007-5503 | 1 Redhat | 1 Cairo | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. | |||||
| CVE-2007-5416 | 1 Drupal | 1 Drupal | 2018-10-15 | 6.8 MEDIUM | N/A |
| Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal. | |||||
| CVE-2007-5369 | 1 Massive Entertainment | 1 World In Conflict | 2018-10-15 | 5.0 MEDIUM | N/A |
| The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte. | |||||
| CVE-2007-5267 | 1 Libpng | 1 Libpng | 2018-10-15 | 4.3 MEDIUM | N/A |
| Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. | |||||
| CVE-2007-5250 | 1 Americasarmy | 2 America\'s Army, America\'s Army Special Forces | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Windows dedicated server for the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters. NOTE: this issue may overlap CVE-2007-4443. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||
| CVE-2007-5135 | 1 Openssl | 1 Openssl | 2018-10-15 | 6.8 MEDIUM | N/A |
| Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. | |||||
| CVE-2007-4995 | 1 Openssl | 1 Openssl | 2018-10-15 | 9.3 HIGH | N/A |
| Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-4980 | 1 Gcaldaemon | 1 Gcaldaemon | 2018-10-15 | 4.3 MEDIUM | N/A |
| The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError. | |||||
| CVE-2007-4990 | 1 X.org | 1 X Font Server | 2018-10-15 | 7.5 HIGH | N/A |
| The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | |||||
| CVE-2007-4987 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 9.3 HIGH | N/A |
| Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. | |||||
| CVE-2007-4988 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 6.8 MEDIUM | N/A |
| Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | |||||
| CVE-2007-4986 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-4940 | 3 Guliverkli, Mympc, Verycd | 3 Media Player Classic, Cd-storm, Stormplayer | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values. | |||||
| CVE-2007-4904 | 1 Realnetworks | 2 Helix Player, Realplayer | 2018-10-15 | 4.3 MEDIUM | N/A |
| RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | |||||
| CVE-2007-4769 | 2 Postgresql, Tcl Tk | 2 Postgresql, Tcl Tk | 2018-10-15 | 6.8 MEDIUM | N/A |
| The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. | |||||
| CVE-2007-4766 | 1 Pcre | 1 Pcre | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | |||||
| CVE-2007-4674 | 1 Apple | 1 Quicktime | 2018-10-15 | 6.8 MEDIUM | N/A |
| An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. | |||||
| CVE-2007-4578 | 1 Sophos | 3 Anti-virus, Scanning Engine, Small Business Suite | 2018-10-15 | 6.8 MEDIUM | N/A |
| Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable. | |||||
| CVE-2007-4568 | 1 X.org | 1 X Font Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-4686 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-15 | 7.2 HIGH | N/A |
| Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | |||||
| CVE-2007-4347 | 1 Symantec | 1 Backupexec System Recovery | 2018-10-15 | 7.8 HIGH | N/A |
| Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop. | |||||
| CVE-2007-4218 | 1 Trend Micro | 1 Serverprotect | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service. | |||||
| CVE-2015-6130 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-12 | 9.3 HIGH | N/A |
| Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerability." | |||||
| CVE-2013-1327 | 1 Microsoft | 1 Publisher | 2018-10-12 | 9.3 HIGH | N/A |
| Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." | |||||
| CVE-2013-1329 | 1 Microsoft | 1 Publisher | 2018-10-12 | 9.3 HIGH | N/A |
| Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." | |||||
| CVE-2012-2523 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 9.3 HIGH | N/A |
| Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." | |||||
| CVE-2011-0097 | 1 Microsoft | 5 Excel, Excel Viewer, Office and 2 more | 2018-10-12 | 9.3 HIGH | N/A |
| Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability." | |||||
| CVE-2011-0098 | 1 Microsoft | 5 Excel, Excel Viewer, Office and 2 more | 2018-10-12 | 9.3 HIGH | N/A |
| Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability." | |||||
| CVE-2010-3946 | 1 Microsoft | 2 Office, Office Converter Pack | 2018-10-12 | 9.3 HIGH | N/A |
| Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." | |||||
| CVE-2010-3230 | 1 Microsoft | 1 Excel | 2018-10-12 | 9.3 HIGH | N/A |
| Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability." | |||||
| CVE-2010-2573 | 1 Microsoft | 3 Office, Powerpoint, Powerpoint Viewer | 2018-10-12 | 9.3 HIGH | N/A |
| Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability." | |||||