Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3861 | 1 Safenet-inc | 1 Softremote | 2018-10-10 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | |||||
| CVE-2009-3994 | 1 Denton Woods | 1 Devil | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file. | |||||
| CVE-2009-3995 | 2 Nullsoft, Raphael Assenat | 2 Winamp, Libmikmod | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3849 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe. | |||||
| CVE-2009-3853 | 1 Ibm | 1 Tivoli Storage Manager | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. | |||||
| CVE-2009-3996 | 2 Nullsoft, Raphael Assenat | 2 Winamp, Libmikmod | 2018-10-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. | |||||
| CVE-2009-3846 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter. | |||||
| CVE-2009-3844 | 1 Hp | 1 Openview Data Protector Application Recovery Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet. | |||||
| CVE-2009-3838 | 1 Pmail | 1 Pegasus Mail | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | |||||
| CVE-2009-3637 | 1 Icculus | 1 Alien Arena | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command. | |||||
| CVE-2009-3848 | 1 Hp | 1 Openview Network Node Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function. | |||||
| CVE-2009-3709 | 1 Konae | 1 Alleycode Html Editor | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. | |||||
| CVE-2009-3711 | 1 Jasper | 1 Httpdx | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2009-3826 | 1 Squidguard | 1 Squidguard | 2018-10-10 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. | |||||
| CVE-2009-3837 | 1 Eureka-email | 1 Eureka Email | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message. | |||||
| CVE-2009-3031 | 1 Symantec | 3 Altiris Deployment Solution, Altiris Management Platform, Altiris Notification Server | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument. | |||||
| CVE-2009-3522 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2018-10-10 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. | |||||
| CVE-2009-3214 | 1 Photodex | 1 Proshow Gold | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields. | |||||
| CVE-2009-2719 | 1 Sun | 1 Java Se | 2018-10-10 | 5.0 MEDIUM | N/A |
| The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). | |||||
| CVE-2009-2753 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size. | |||||
| CVE-2009-2732 | 1 Ntop | 1 Ntop | 2018-10-10 | 5.0 MEDIUM | N/A |
| The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. | |||||
| CVE-2009-2970 | 2 Baidu, Uitv | 2 Baidux, Uiplayer | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter. | |||||
| CVE-2009-2692 | 1 Linux | 2 Kernel, Linux Kernel | 2018-10-10 | 7.2 HIGH | N/A |
| The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | |||||
| CVE-2009-2685 | 1 Hp | 1 Power Manager | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable. | |||||
| CVE-2009-2460 | 1 Forkosh | 1 Mathtex | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors. | |||||
| CVE-2009-2582 | 1 Akamai Technologies | 1 Download Manager | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. | |||||
| CVE-2009-2414 | 1 Xmlsoft | 2 Libxml, Libxml2 | 2018-10-10 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2009-2479 | 1 Mozilla | 1 Firefox | 2018-10-10 | 7.8 HIGH | N/A |
| Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. | |||||
| CVE-2009-2578 | 1 Google | 1 Chrome | 2018-10-10 | 5.0 MEDIUM | N/A |
| Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||||
| CVE-2009-2407 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 6.9 MEDIUM | N/A |
| Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. | |||||
| CVE-2009-2356 | 1 Dan Cahill | 1 Nulllogic Groupware | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query. | |||||
| CVE-2009-2026 | 1 Ca | 4 Advantage Data Transport, It Client Manager, Software Delivery and 1 more | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data. | |||||
| CVE-2009-1943 | 1 Safenet-inc | 2 Softremote, Softremote1.4 | 2018-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | |||||
| CVE-2009-2375 | 1 Photo-dvd-maker | 1 Photo Dvd Maker | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2377 | 1 Avax-software | 1 Avax Vector Activex | 2018-10-10 | 4.3 MEDIUM | N/A |
| Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long PrinterName property. | |||||
| CVE-2009-1915 | 1 Icq | 1 Icq | 2018-10-10 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file. | |||||
| CVE-2009-2206 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. | |||||
| CVE-2009-2346 | 1 Asterisk | 4 Appliance S800i, Asterisk, Open Source and 1 more | 2018-10-10 | 7.8 HIGH | N/A |
| The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. | |||||
| CVE-2009-1855 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. | |||||
| CVE-2009-1636 | 1 Novell | 1 Groupwise | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. | |||||
| CVE-2009-1568 | 1 Novell | 1 Iprint Client | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter. | |||||
| CVE-2009-1586 | 1 Shemes | 1 Grabit | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file. | |||||
| CVE-2009-1567 | 1 Larts | 1 Uploader Activex Control | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value. | |||||
| CVE-2009-1569 | 1 Novell | 1 Iprint | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time. | |||||
| CVE-2009-1497 | 1 Gomlab | 1 Gom Player | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file. | |||||
| CVE-2009-1608 | 1 Microchip | 1 Mplab Ide | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | |||||
| CVE-2009-1353 | 1 Sebastian Fernandez | 1 Zervit | 2018-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the http_parse_hex function in libz/misc.c in Zervit Webserver 0.02 allows remote attackers to cause a denial of service (daemon crash) via a long URI, related to http.c. | |||||
| CVE-2009-1382 | 1 Forkosh | 1 Mimetex | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags. | |||||
| CVE-2009-1394 | 2 Microsoft, Motorola | 2 Windows, Timbuktu Pro | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. | |||||
| CVE-2009-1430 | 1 Symantec | 5 Antivirus, Antivirus Central Quarantine Server, Client Security and 2 more | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process. | |||||