Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36764 | 1 Tianocore | 1 Edk2 | 2024-03-13 | N/A | 7.8 HIGH |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2022-36763 | 1 Tianocore | 1 Edk2 | 2024-03-13 | N/A | 7.8 HIGH |
| EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-32331 | 2024-03-05 | N/A | 7.5 HIGH | ||
| IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979. | |||||
| CVE-2021-22894 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2024-24577 | 1 Libgit2 | 1 Libgit2 | 2024-02-27 | N/A | 9.8 CRITICAL |
| libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | |||||
| CVE-2024-26149 | 2024-02-26 | N/A | 3.7 LOW | ||
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. | |||||
| CVE-2017-16534 | 1 Linux | 1 Linux Kernel | 2024-02-16 | 7.2 HIGH | 6.8 MEDIUM |
| The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2008-0411 | 6 Debian, Ghostscript, Mandrakesoft and 3 more | 14 Debian Linux, Ghostscript, Mandrake Linux and 11 more | 2024-02-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. | |||||
| CVE-2009-4265 | 1 Pointdev | 1 Ideal Administration 2009 | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file. | |||||
| CVE-2003-1503 | 1 Aol | 1 Instant Messenger | 2024-02-14 | 10.0 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. | |||||
| CVE-2009-1672 | 1 Sun | 1 Jre | 2024-02-14 | 9.3 HIGH | N/A |
| The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method. | |||||
| CVE-2008-0956 | 2 Backweb, Logitech | 2 Backweb, Desktop Manager | 2024-02-14 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-5005 | 1 University Of Washington | 2 Alpine, Imap Toolkit | 2024-02-14 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. | |||||
| CVE-2009-1640 | 1 Nucleustechnologies | 1 Kernel Recovery | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file. | |||||
| CVE-2009-1639 | 1 Nucleustechnologies | 1 Kernel Recovery | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file. | |||||
| CVE-2009-4219 | 1 Haihaisoft | 1 Haihaisoft Universal Player | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0356 | 1 Viscomsoft | 1 Movie Player Pro Sdk Activex | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. | |||||
| CVE-2010-0392 | 1 Thegreenbow | 1 Ipsec Vpn Client | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2." | |||||
| CVE-2010-1033 | 1 Hp | 1 Operations Manager | 2024-02-14 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll. | |||||
| CVE-2011-3976 | 1 Ammsoft | 1 Scriptftp | 2024-02-14 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script. | |||||