Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1832 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-12-10 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||||
| CVE-2010-3064 | 1 Php | 1 Php | 2010-12-07 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function. | |||||
| CVE-2010-3063 | 1 Php | 1 Php | 2010-12-07 | 5.0 MEDIUM | N/A |
| The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used. | |||||
| CVE-2010-1318 | 1 Realnetworks | 3 Helix Mobile Server, Helix Server, Helix Server Mobile | 2010-11-24 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-1801 | 1 Apple | 3 Coregraphics, Mac Os X, Mac Os X Server | 2010-11-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. | |||||
| CVE-2010-3040 | 1 Cisco | 1 Intelligent Contact Manager | 2010-11-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. | |||||
| CVE-2010-3036 | 1 Cisco | 7 Ciscoworks Common Services, Ciscoworks Lan Management Solution, Qos Policy Manager and 4 more | 2010-11-06 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. | |||||
| CVE-2010-4142 | 1 Realflex | 1 Realwin | 2010-11-04 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests. | |||||
| CVE-2009-4893 | 1 Unrealircd | 1 Unrealircd | 2010-10-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-2585 | 1 Realpage | 1 Module Activex Control | 2010-10-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value. | |||||
| CVE-2010-4069 | 1 Ibm | 1 Informix Dynamic Server | 2010-10-27 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. | |||||
| CVE-2008-5364 | 2 Adobe, Nos Microsystems | 2 Acrobat Reader, Getplus Download Manager | 2010-10-25 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817. | |||||
| CVE-2010-3748 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2010-2578 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. | |||||
| CVE-2010-3751 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2010-10-19 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. | |||||
| CVE-2010-2601 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Professional Software | 2010-10-15 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2010-2221 | 4 Arne Redlich \& Ross Walker, Linux, Vladislav Bolkhovitin and 1 more | 4 Iscsitarget, Linux Kernel, Generic Scsi Target Subsystem and 1 more | 2010-09-30 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. | |||||
| CVE-2007-0460 | 1 Suse | 1 Suse Linux | 2010-09-15 | 10.0 HIGH | N/A |
| Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." | |||||
| CVE-2010-2799 | 1 Dest-unreach | 1 Socat | 2010-09-15 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. | |||||
| CVE-2010-2739 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2010-09-08 | 7.2 HIGH | N/A |
| Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors. | |||||
| CVE-2010-3031 | 1 Wyse | 1 Thinos Hf | 2010-08-30 | 10.0 HIGH | N/A |
| Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service. | |||||
| CVE-2010-1808 | 1 Apple | 3 Apple Type Services, Mac Os X, Mac Os X Server | 2010-08-26 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | |||||
| CVE-2010-3121 | 1 Devonit | 1 Thin-client Management Tool | 2010-08-26 | 7.5 HIGH | N/A |
| Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-3176 | 1 Novell | 1 Iprint | 2010-08-25 | 9.3 HIGH | N/A |
| Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2010-3059 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2010-08-23 | 7.5 HIGH | N/A |
| Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command. | |||||
| CVE-2009-4902 | 1 Muscle | 1 Pcsc-lite | 2010-08-12 | 6.8 MEDIUM | N/A |
| Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407. | |||||
| CVE-2010-2979 | 1 Cisco | 2 5508 Wireless Controller, Unified Wireless Network Solution Software | 2010-08-10 | 7.8 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508. | |||||
| CVE-2010-2980 | 1 Cisco | 2 5508 Wireless Controller, Unified Wireless Network Solution Software | 2010-08-10 | 7.8 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794. | |||||
| CVE-2010-2974 | 1 Invensys | 4 Infusion Integrated Engineering Environment, Wonderware Application Server, Wonderware Archestra Configuration Access Component Activex Control and 1 more | 2010-08-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method. | |||||
| CVE-2010-1666 | 1 Dan Pascu | 1 Python-cjson | 2010-07-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. | |||||
| CVE-2009-2139 | 1 Sun | 1 Openoffice.org | 2010-07-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238. | |||||
| CVE-2006-6685 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2010-07-16 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4919 | 1 Cisco | 1 Asa 5580 | 2010-06-30 | 10.0 HIGH | N/A |
| Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121. | |||||
| CVE-2010-2440 | 1 Upredsun | 1 Subtitle Translation Wizard | 2010-06-25 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2331 | 1 Upredsun | 1 Isharer File Sharing Wizard | 2010-06-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request. | |||||
| CVE-2010-1937 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2010-06-18 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug #3001896. | |||||
| CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
| ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | |||||
| CVE-2010-2309 | 1 Evological | 1 Evocam | 2010-06-17 | 7.5 HIGH | N/A |
| Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2009-4776 | 1 Hitachi | 25 Cosminexus\/opentp1 Web Web Front-endset, Cosminexus Application Server, Cosminexus Client and 22 more | 2010-06-07 | 9.3 HIGH | N/A |
| Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | |||||
| CVE-2010-0793 | 1 Barnowl | 1 Barnowl | 2010-06-03 | 7.5 HIGH | N/A |
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header. | |||||
| CVE-2009-2140 | 1 Go-oo | 1 Go-oo | 2010-05-29 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238. | |||||
| CVE-2009-4873 | 1 Rhinosoft | 1 Serv-u | 2010-05-26 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie. | |||||
| CVE-2010-2009 | 1 Bsplayer | 1 Bs.player | 2010-05-24 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4637 | 1 Ffmpeg | 1 Ffmpeg | 2010-05-20 | 10.0 HIGH | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. | |||||
| CVE-2010-1686 | 2 Abcbackup, Internet-soft | 2 Abc Backup, Urgent Backup | 2010-05-12 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | |||||
| CVE-2010-1853 | 1 Transmissionbt | 1 Transmission | 2010-05-11 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links. | |||||
| CVE-2010-1147 | 1 Roshan Singh | 1 Open Direct Connect Hub | 2010-05-08 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. | |||||
| CVE-2010-1730 | 2 Dolphin, Htc | 2 Dolphin Browser, Hero | 2010-05-06 | 5.0 MEDIUM | N/A |
| Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. | |||||
| CVE-2010-1687 | 1 Mochasoft | 1 Mocha W32 Lpd | 2010-05-05 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1861 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2010-05-04 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption. | |||||