Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4812 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. | |||||
| CVE-2008-0702 | 1 South River Technologies | 1 Titan Ftp Server | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. | |||||
| CVE-2007-5360 | 2 Openpegasus, Vmware | 2 Management Server, Esx | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003. | |||||
| CVE-2006-6125 | 1 Netgear | 1 Wg311v1 | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. | |||||
| CVE-2007-4791 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978. | |||||
| CVE-2008-0248 | 1 Streamaudio | 1 Chaincast Proxymanager Activex Control | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method. | |||||
| CVE-2006-7157 | 1 Google | 1 Earth | 2024-02-04 | 7.1 HIGH | N/A |
| Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
| CVE-2008-0619 | 1 Nero | 1 Mediaplayer | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. | |||||
| CVE-2008-0227 | 1 Yassl | 1 Yassl | 2024-02-04 | 7.5 HIGH | N/A |
| yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. | |||||
| CVE-2007-4277 | 1 Trend Micro | 2 Pc-cillin Internet Security 2007, Scan Engine | 2024-02-04 | 6.6 MEDIUM | N/A |
| The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. | |||||
| CVE-2006-5177 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-02-04 | 9.3 HIGH | N/A |
| The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. | |||||
| CVE-2007-5252 | 1 Netsupport | 2 Netsupport Manager Client, Netsupport School Student | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible. | |||||
| CVE-2007-5301 | 1 Alsaplayer | 1 Alsaplayer | 2024-02-04 | 6.8 MEDIUM | N/A |
| Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments. | |||||
| CVE-2007-3410 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. | |||||
| CVE-2007-4665 | 1 Firebirdsql | 1 Firebird | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403. | |||||
| CVE-2007-3911 | 1 Bakbone | 1 Netvault Reporter | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests. | |||||
| CVE-2007-5929 | 1 Openbase International Ltd | 1 Openbase | 2024-02-04 | 9.0 HIGH | N/A |
| Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption. | |||||
| CVE-2007-0272 | 1 Oracle | 1 Database Server | 2024-02-04 | 8.5 HIGH | N/A |
| Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. | |||||
| CVE-2007-5029 | 1 Dibbler | 1 Dibbler | 2024-02-04 | 5.0 MEDIUM | N/A |
| Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options. | |||||