Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3861 | 1 Safenet-inc | 1 Softremote | 2024-02-14 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | |||||
| CVE-2005-1462 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 7.5 HIGH | N/A |
| Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2014-3466 | 1 Gnu | 1 Gnutls | 2024-02-14 | 6.8 MEDIUM | N/A |
| Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. | |||||
| CVE-2003-0899 | 1 Acme Labs | 1 Thttpd | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. | |||||
| CVE-2007-6041 | 1 Rigs Of Rogs | 1 Rigs Of Rogs | 2024-02-14 | 7.5 HIGH | N/A |
| Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow. | |||||
| CVE-2009-1671 | 1 Sun | 1 Jre | 2024-02-14 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method. | |||||
| CVE-2009-4588 | 1 Awingsoft | 2 Awakening Winds3d Player, Awakening Winds3d Viewer | 2024-02-14 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0210 | 1 Areva | 1 E-terrahabitat | 2024-02-14 | 10.0 HIGH | N/A |
| Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service (system crash) via unspecified vectors, aka PD28578. | |||||
| CVE-2008-5664 | 1 Realtek | 1 Realtek Media Player | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file. | |||||
| CVE-2008-3878 | 1 Ultrashareware | 1 Ultra Office Control | 2024-02-14 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method. | |||||
| CVE-2019-11360 | 1 Netfilter | 1 Iptables | 2024-02-14 | 3.5 LOW | 4.2 MEDIUM |
| A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. | |||||
| CVE-2007-5892 | 1 Ssreader | 1 Ultra Star Reader | 2024-02-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources. | |||||
| CVE-2009-3711 | 1 Jasper | 1 Httpdx | 2024-02-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2008-5177 | 1 Insight-tech | 1 Yosemite Backup | 2024-02-14 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication. | |||||
| CVE-2024-24560 | 1 Vyperlang | 1 Vyper | 2024-02-12 | N/A | 5.3 MEDIUM |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned. | |||||
| CVE-2024-24561 | 1 Vyperlang | 1 Vyper | 2024-02-09 | N/A | 9.8 CRITICAL |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array. | |||||
| CVE-2024-0338 | 1 Apachefriends | 1 Xampp | 2024-02-09 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | |||||
| CVE-2014-3181 | 1 Linux | 1 Linux Kernel | 2024-02-09 | 6.9 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. | |||||
| CVE-2018-12233 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. | |||||
| CVE-2024-1112 | 1 Angusj | 1 Resource Hacker | 2024-02-09 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument. | |||||