Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5122 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 4.3 MEDIUM | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 allows remote attackers to cause a denial of service (application crash) via a crafted compressed file. | |||||
| CVE-2012-3501 | 1 Darold | 1 Squidclamav | 2012-08-27 | 5.0 MEDIUM | N/A |
| The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A. | |||||
| CVE-2009-5124 | 1 Comodo | 1 Comodo Internet Security | 2012-08-27 | 4.3 MEDIUM | N/A |
| The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (application crash) via a crafted packed file. | |||||
| CVE-2012-1904 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-08-25 | 4.3 MEDIUM | N/A |
| mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. | |||||
| CVE-2011-4579 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-21 | 4.3 MEDIUM | N/A |
| The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed." | |||||
| CVE-2012-0847 | 1 Ffmpeg | 1 Ffmpeg | 2012-08-21 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. | |||||
| CVE-2011-4364 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams. | |||||
| CVE-2011-3951 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-21 | 6.8 MEDIUM | N/A |
| The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. | |||||
| CVE-2011-4353 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-21 | 4.3 MEDIUM | N/A |
| The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. | |||||
| CVE-2011-3945 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-21 | 6.8 MEDIUM | N/A |
| The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. | |||||
| CVE-2012-4353 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2012-08-20 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-2614 | 1 Lattice Semiconductor | 1 Lattice Diamond Programmer | 2012-08-18 | 6.8 MEDIUM | N/A |
| Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file. | |||||
| CVE-2012-4162 | 2 Adobe, Apple | 3 Acrobat, Acrobat Reader, Mac Os X | 2012-08-15 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161. | |||||
| CVE-2012-2046 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2047. | |||||
| CVE-2012-4161 | 2 Adobe, Apple | 3 Acrobat, Acrobat Reader, Mac Os X | 2012-08-15 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162. | |||||
| CVE-2012-2047 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046. | |||||
| CVE-2012-2043 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-2044 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-2045 | 1 Adobe | 1 Shockwave Player | 2012-08-15 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047. | |||||
| CVE-2012-3007 | 1 Invensys | 5 Dasabcip, Daserver Runtime Components, Dassidirect and 2 more | 2012-08-14 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string. | |||||
| CVE-2012-3561 | 1 Opera | 1 Opera Browser | 2012-08-14 | 10.0 HIGH | N/A |
| Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. | |||||
| CVE-2008-0610 | 1 Ultravnc | 1 Ultravnc | 2012-08-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value. | |||||
| CVE-2012-1357 | 1 Cisco | 2 Nexus 5000, Nx-os | 2012-08-07 | 5.0 MEDIUM | N/A |
| The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. | |||||
| CVE-2012-2859 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-08-07 | 7.5 HIGH | N/A |
| Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-4146 | 1 Opera | 1 Opera Browser | 2012-08-07 | 4.3 MEDIUM | N/A |
| Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. | |||||
| CVE-2012-1370 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-06 | 3.5 LOW | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. | |||||
| CVE-2012-0277 | 1 Xnview | 1 Xnview | 2012-08-01 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||||
| CVE-2011-3174 | 1 Novell | 1 Zenworks Configuration Management | 2012-07-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter. | |||||
| CVE-2011-2199 | 1 H Peter Anvin | 1 Tftp-hpa | 2012-07-23 | 7.5 HIGH | N/A |
| Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. | |||||
| CVE-2012-0282 | 1 Xnview | 1 Xnview | 2012-07-18 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. | |||||
| CVE-2012-0276 | 1 Xnview | 1 Xnview | 2012-07-18 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. | |||||
| CVE-2012-3585 | 1 Irfanview | 2 Irfanview, Irfanview Plugins | 2012-07-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file. | |||||
| CVE-2011-5096 | 1 Avaya | 1 Aura Application Server 5300 | 2012-07-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | |||||
| CVE-2012-1830 | 1 Wellintech | 1 Kingview | 2012-07-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | |||||
| CVE-2012-1831 | 1 Wellintech | 1 Kingview | 2012-07-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | |||||
| CVE-2012-2515 | 2 Emc, Ge | 7 Captiva Quickscan Pro, Documentum Applicationxtender Desktop, Intelligent Platforms Proficy Batch Execution and 4 more | 2012-07-17 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. | |||||
| CVE-2012-1832 | 1 Wellintech | 1 Kingview | 2012-07-17 | 10.0 HIGH | N/A |
| WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001. | |||||
| CVE-2012-1162 | 1 Nih | 1 Libzip | 2012-07-13 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." | |||||
| CVE-2010-4650 | 1 Linux | 1 Linux Kernel | 2012-06-22 | 4.6 MEDIUM | N/A |
| Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server. | |||||
| CVE-2012-0802 | 1 Spamdyke | 1 Spamdyke | 2012-06-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer. | |||||
| CVE-2011-3494 | 1 Interactivedata | 1 Esignal | 2012-06-20 | 10.0 HIGH | N/A |
| WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0693 | 1 Dell | 1 Wyse Device Manager | 2012-06-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | |||||
| CVE-2012-2598 | 1 Siemens | 1 Wincc | 2012-06-12 | 4.3 MEDIUM | N/A |
| Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | |||||
| CVE-2011-3493 | 1 Cogentdatahub | 1 Cogent Datahub | 2012-06-04 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. | |||||
| CVE-2012-0658 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | |||||
| CVE-2012-0660 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||||
| CVE-2012-2427 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation. | |||||
| CVE-2011-3460 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-18 | 7.5 HIGH | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. | |||||
| CVE-2011-0334 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file. | |||||
| CVE-2011-0333 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error." | |||||