Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0199 | 1 Vmware | 4 Ace, Movie Decoder, Player and 1 more | 2018-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters). | |||||
| CVE-2009-0201 | 1 Openoffice | 1 Openoffice.org | 2018-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." | |||||
| CVE-2009-0210 | 1 Areva | 1 E-terrahabitat | 2018-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service (system crash) via unspecified vectors, aka PD28578. | |||||
| CVE-2009-0246 | 1 Easyhdr | 1 Easyhdr | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file. | |||||
| CVE-2009-0181 | 1 Vuplayer | 1 Vuplayer | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters. | |||||
| CVE-2009-0135 | 1 Amarok | 1 Amarok | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow. | |||||
| CVE-2008-7078 | 1 Maxum | 1 Rumpus | 2018-10-11 | 9.0 HIGH | N/A |
| Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. | |||||
| CVE-2008-7031 | 1 Foxitsoftware | 1 Wac Server | 2018-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | |||||
| CVE-2008-7009 | 1 Checkpoint | 1 Zonealarm | 2018-10-11 | 6.9 MEDIUM | N/A |
| Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7249 | 1 Pedro Lineu Orso | 1 Sarg | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167. | |||||
| CVE-2008-7015 | 2 Epic Games, Frontlines | 2 Unreal Tournament, Fuel Of War | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure. | |||||
| CVE-2008-7174 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions. | |||||
| CVE-2008-7225 | 1 Foxitsoftware | 1 Wac Server | 2018-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | |||||
| CVE-2008-6899 | 1 Freesshd | 1 Freesshd | 2018-10-11 | 9.0 HIGH | N/A |
| Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command. | |||||
| CVE-2008-6846 | 1 Avast | 1 Avast Antivirus | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file. | |||||
| CVE-2008-6444 | 1 Baidu | 1 Baidu Hi | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. | |||||
| CVE-2008-6679 | 1 Ghostscript | 1 Ghostscript | 2018-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. | |||||
| CVE-2008-6563 | 1 Ceruleanstudios | 1 Trillian | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file. | |||||
| CVE-2008-6994 | 1 Google | 1 Chrome | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header. | |||||
| CVE-2008-6953 | 1 Oovoo | 1 Oovoo | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI. | |||||
| CVE-2008-5616 | 1 Mplayer | 1 Mplayer | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. | |||||
| CVE-2008-5735 | 1 Coolplayer | 1 Coolplayer | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file. | |||||
| CVE-2008-5557 | 1 Php | 1 Php | 2018-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions. | |||||
| CVE-2008-5680 | 1 Opera | 1 Opera Browser | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. | |||||
| CVE-2008-5403 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | |||||
| CVE-2008-5401 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | |||||
| CVE-2008-5419 | 1 Emc | 1 Control Center | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. | |||||
| CVE-2008-5381 | 1 Ffdshow-tryout | 1 Ffdshow | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2008-5263 | 1 Dmitry Baryshev | 1 Ksquirrel-libs | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file). | |||||
| CVE-2008-5176 | 1 Clientsoftware | 1 Wincom Mpd Total | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | |||||
| CVE-2008-5282 | 1 W3c | 1 Amaya Web Browser | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute. | |||||
| CVE-2008-5260 | 1 Axis | 1 Axis Camera Control | 2018-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. | |||||
| CVE-2008-5234 | 1 Xine | 1 Xine-lib | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15. | |||||
| CVE-2008-5120 | 1 Hp | 1 Openvms | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. | |||||
| CVE-2008-5233 | 1 Xine | 1 Xine-lib | 2018-10-11 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | |||||
| CVE-2008-5242 | 1 Xine | 1 Xine-lib | 2018-10-11 | 6.8 MEDIUM | N/A |
| demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | |||||
| CVE-2008-5229 | 1 Microsoft | 1 Windows Vista | 2018-10-11 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries. | |||||
| CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2018-10-11 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | |||||
| CVE-2008-5106 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command, which triggers the overflow when the SamyFtp.binlog log file is viewed in the management console. NOTE: this may overlap CVE-2006-0441 and CVE-2006-2212. | |||||
| CVE-2008-5239 | 1 Xine | 1 Xine-lib | 2018-10-11 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | |||||
| CVE-2008-5236 | 1 Xine | 1 Xine | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15. | |||||
| CVE-2008-5032 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | |||||
| CVE-2008-5073 | 1 Novell | 1 Zenworks Desktop Management | 2018-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method. | |||||
| CVE-2008-5050 | 1 Clam Anti-virus | 1 Clamav | 2018-10-11 | 9.3 HIGH | N/A |
| Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-5036 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. | |||||
| CVE-2008-5005 | 1 University Of Washington | 2 Alpine, Imap Toolkit | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. | |||||
| CVE-2008-4555 | 1 Graphviz | 1 Graphviz | 2018-10-11 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements. | |||||
| CVE-2008-4556 | 1 Sun | 1 Solaris | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2008-4726 | 1 Goodtechsystems | 1 Goodtech Ssh | 2018-10-11 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters. | |||||
| CVE-2008-4654 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. | |||||