Search
Total
1258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4316 | 1 Gnome | 1 Glib | 2018-10-11 | 4.6 MEDIUM | N/A |
| Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. | |||||
| CVE-2008-4299 | 1 Microsoft | 1 Internet Authentication Service Helper Com Component | 2018-10-11 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-4166 | 1 Avantbrowser | 1 Avant Browser | 2018-10-11 | 4.3 MEDIUM | N/A |
| Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character. | |||||
| CVE-2008-4102 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. | |||||
| CVE-2008-3950 | 1 Apple | 3 Iphone, Ipod Touch, Safari | 2018-10-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. | |||||
| CVE-2008-3870 | 1 Sun | 1 Solaris | 2018-10-11 | 10.0 HIGH | N/A |
| Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | |||||
| CVE-2008-3827 | 1 Mplayer | 1 Mplayer | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. | |||||
| CVE-2008-3636 | 1 Apple | 1 Itunes | 2018-10-11 | 7.2 HIGH | N/A |
| Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. | |||||
| CVE-2008-3373 | 1 Grisoft | 1 Avg Antivirus | 2018-10-11 | 5.0 MEDIUM | N/A |
| The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||||
| CVE-2008-3135 | 1 Secretwars | 1 Soldner Secret Wars | 2018-10-11 | 7.8 HIGH | N/A |
| Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block. | |||||
| CVE-2008-2927 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. | |||||
| CVE-2008-2785 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. | |||||
| CVE-2008-2438 | 1 Hp | 1 Openview Network Node Manager | 2018-10-11 | 10.0 HIGH | N/A |
| Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | |||||
| CVE-2008-2376 | 2 Redhat, Ruby-lang | 2 Fedora 8, Ruby | 2018-10-11 | 7.5 HIGH | N/A |
| Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. | |||||
| CVE-2008-2362 | 1 X | 1 X11 | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | |||||
| CVE-2008-2361 | 1 Xorg | 1 X11 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. | |||||
| CVE-2008-2360 | 1 X | 1 X11 | 2018-10-11 | 9.0 HIGH | N/A |
| Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-2107 | 1 Php | 1 Php | 2018-10-11 | 7.5 HIGH | N/A |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. | |||||
| CVE-2008-2108 | 1 Php | 1 Php | 2018-10-11 | 7.5 HIGH | N/A |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | |||||
| CVE-2008-1950 | 1 Gnu | 1 Gnutls | 2018-10-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. | |||||
| CVE-2008-1948 | 1 Gnu | 1 Gnutls | 2018-10-11 | 10.0 HIGH | N/A |
| The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. | |||||
| CVE-2008-1932 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. | |||||
| CVE-2008-1842 | 1 Hp | 1 Openview Network Node Manager | 2018-10-11 | 10.0 HIGH | N/A |
| Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. | |||||
| CVE-2008-1807 | 1 Freetype | 1 Freetype | 2018-10-11 | 7.5 HIGH | N/A |
| FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. | |||||
| CVE-2008-1806 | 1 Freetype | 1 Freetype | 2018-10-11 | 7.5 HIGH | N/A |
| Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-1706 | 1 Ibm | 1 Soliddb | 2018-10-11 | 4.3 MEDIUM | N/A |
| Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | |||||
| CVE-2008-1686 | 2 Xine, Xiph | 3 Xine-lib, Libfishsound, Speex | 2018-10-11 | 9.3 HIGH | N/A |
| Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | |||||
| CVE-2008-1637 | 1 Powerdns | 1 Recursor | 2018-10-11 | 6.8 MEDIUM | N/A |
| PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | |||||
| CVE-2008-1552 | 2 Redhat, Silc | 5 Fedora, Silc, Silc Client and 2 more | 2018-10-11 | 6.8 MEDIUM | N/A |
| The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. | |||||
| CVE-2008-1482 | 1 Xine | 1 Xine-lib | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c. | |||||
| CVE-2008-1391 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. | |||||
| CVE-2008-1384 | 1 Php | 1 Php | 2018-10-11 | 5.0 MEDIUM | N/A |
| Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). | |||||
| CVE-2008-1379 | 1 X | 1 X11 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | |||||
| CVE-2008-1382 | 1 Libpng | 1 Libpng | 2018-10-11 | 7.5 HIGH | N/A |
| libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | |||||
| CVE-2008-1377 | 1 X | 1 X11 | 2018-10-11 | 9.0 HIGH | N/A |
| The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | |||||
| CVE-2008-1338 | 1 Perforce | 1 Perforce Server | 2018-10-11 | 7.8 HIGH | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. | |||||
| CVE-2008-1302 | 2 Microsoft, Perforce | 2 Windows, Perforce Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | |||||
| CVE-2008-1267 | 1 Siemens | 1 Speedstream 6520 | 2018-10-11 | 7.8 HIGH | N/A |
| The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. | |||||
| CVE-2010-4370 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. | |||||
| CVE-2010-3032 | 1 Sap | 1 Crystal Reports | 2018-10-10 | 10.0 HIGH | N/A |
| Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | |||||
| CVE-2010-2879 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file. | |||||
| CVE-2010-2866 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. | |||||
| CVE-2010-3000 | 2 Microsoft, Realnetworks | 3 Windows, Realplayer, Realplayer Sp | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. | |||||
| CVE-2010-3015 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 4.7 MEDIUM | N/A |
| Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. | |||||
| CVE-2010-2871 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. | |||||
| CVE-2010-2586 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. | |||||
| CVE-2010-1930 | 1 Novell | 1 Imanager | 2018-10-10 | 5.0 MEDIUM | N/A |
| Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. | |||||
| CVE-2010-1519 | 1 Glpng | 1 Glpng | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows. | |||||
| CVE-2010-1513 | 1 Daniel Mealha Cabrita | 1 Ziproxy | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows. | |||||