Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4052 | 1 Hp | 1 Openvms | 2024-02-04 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. | |||||
| CVE-2008-3869 | 1 Sun | 1 Solaris | 2024-02-04 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | |||||
| CVE-2009-3670 | 1 Ksplayer | 1 Ksp Sound Player | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | |||||
| CVE-2008-5176 | 1 Clientsoftware | 1 Wincom Mpd Total | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | |||||
| CVE-2008-5406 | 1 Apple | 2 Itunes, Quicktime | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||||
| CVE-2008-7166 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364. | |||||
| CVE-2009-0146 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. | |||||
| CVE-2008-4933 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.8 HIGH | N/A |
| Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | |||||
| CVE-2008-1809 | 1 Novell | 1 Edirectory | 2024-02-04 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." | |||||
| CVE-2008-3432 | 1 Vim | 1 Vim | 2024-02-04 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | |||||
| CVE-2008-0053 | 1 Apple | 1 Cups | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | |||||
| CVE-2009-2188 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. | |||||
| CVE-2009-0659 | 1 Tptest | 1 Tptest | 2024-02-04 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5911 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. | |||||
| CVE-2009-1326 | 1 Mini-stream | 1 Rm Downloader | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. | |||||
| CVE-2008-0992 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.8 MEDIUM | N/A |
| Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | |||||
| CVE-2008-4028 | 1 Microsoft | 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. | |||||
| CVE-2008-5279 | 1 Zilab | 1 Zim Server | 2024-02-04 | 10.0 HIGH | N/A |
| The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3896 | 2 F5, Nginx | 2 Nginx, Nginx | 2024-02-04 | 5.0 MEDIUM | N/A |
| src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | |||||
| CVE-2008-4508 | 1 Tonec Inc. | 1 Internet Download Manager | 2024-02-04 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210. | |||||