Search
Total
1258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6058 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. | |||||
| CVE-2012-6061 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. | |||||
| CVE-2012-2828 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-3834 | 1 Nullsoft | 1 Winamp | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. | |||||
| CVE-2012-0667 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file. | |||||
| CVE-2012-0670 | 1 Apple | 1 Quicktime | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. | |||||
| CVE-2011-2698 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
| Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. | |||||
| CVE-2011-3250 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | |||||
| CVE-2011-2371 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | |||||
| CVE-2011-3248 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. | |||||
| CVE-2011-3247 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. | |||||
| CVE-2011-2998 | 1 Mozilla | 1 Firefox | 2017-09-19 | 10.0 HIGH | N/A |
| Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | |||||
| CVE-2011-1138 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
| Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. | |||||
| CVE-2011-0547 | 1 Symantec | 4 Netbackup Puredisk, Veritas Dynamic Multi-pathing, Veritas Storage Foundation and 1 more | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow. | |||||
| CVE-2011-1213 | 1 Ibm | 1 Lotus Notes | 2017-09-19 | 9.3 HIGH | N/A |
| Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. | |||||
| CVE-2011-1592 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
| The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. | |||||
| CVE-2011-2175 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
| Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. | |||||
| CVE-2011-2194 | 1 Videolan | 1 Vlc Media Player | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. | |||||
| CVE-2010-2765 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | |||||
| CVE-2010-3907 | 1 Videolan | 1 Vlc Media Player | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow. | |||||
| CVE-2010-3812 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. | |||||
| CVE-2010-3805 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. | |||||
| CVE-2010-3803 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. | |||||
| CVE-2010-3802 | 1 Apple | 1 Quicktime | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. | |||||
| CVE-2011-0256 | 1 Apple | 1 Quicktime | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file. | |||||
| CVE-2011-0257 | 1 Apple | 1 Quicktime | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. | |||||
| CVE-2010-3772 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. | |||||
| CVE-2010-3767 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. | |||||
| CVE-2010-2995 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 10.0 HIGH | N/A |
| The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. | |||||
| CVE-2010-4009 | 1 Apple | 1 Quicktime | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
| CVE-2010-2936 | 2 Microsoft, Openoffice | 2 Windows, Openoffice.org | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. | |||||
| CVE-2010-2935 | 2 Microsoft, Openoffice | 2 Windows, Openoffice.org | 2017-09-19 | 9.3 HIGH | N/A |
| simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." | |||||
| CVE-2010-2875 | 1 Adobe | 1 Shockwave Player | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie. | |||||
| CVE-2010-2862 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table. | |||||
| CVE-2010-2753 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | |||||
| CVE-2010-4372 | 1 Nullsoft | 1 Winamp | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. | |||||
| CVE-2010-2752 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. | |||||
| CVE-2010-0827 | 1 Tug | 2 Tetex, Tex Live | 2017-09-19 | 6.8 MEDIUM | N/A |
| Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. | |||||
| CVE-2010-1028 | 2 Microsoft, Mozilla | 3 Windows Vista, Windows Xp, Firefox | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. | |||||
| CVE-2010-1166 | 1 X | 1 X.org | 2017-09-19 | 7.1 HIGH | N/A |
| The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | |||||
| CVE-2010-0442 | 1 Postgresql | 1 Postgresql | 2017-09-19 | 6.5 MEDIUM | N/A |
| The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." | |||||
| CVE-2010-1791 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. | |||||
| CVE-2010-0527 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||||
| CVE-2010-0411 | 1 Systemtap | 1 Systemtap | 2017-09-19 | 4.9 MEDIUM | N/A |
| Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. | |||||
| CVE-2010-0040 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | |||||
| CVE-2010-0645 | 1 Google | 1 Chrome | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | |||||
| CVE-2010-0646 | 1 Google | 1 Chrome | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | |||||
| CVE-2010-0001 | 1 Gnu | 1 Gzip | 2017-09-19 | 6.8 MEDIUM | N/A |
| Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | |||||
| CVE-2010-1408 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. | |||||
| CVE-2010-1196 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | |||||