Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0481 | 1 Greg Roelofs | 1 Libpng | 2024-02-04 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image. | |||||
| CVE-2005-2856 | 1 Winace | 1 Winace | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive. | |||||
| CVE-2004-2709 | 1 Phrozensmoke | 1 Gyach Enhanced | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags. | |||||
| CVE-2006-1469 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. | |||||
| CVE-2006-1148 | 1 Peercast | 1 Peercast | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp. | |||||
| CVE-2005-4092 | 1 Apple | 2 Itunes, Quicktime | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. | |||||
| CVE-2005-2335 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier. | |||||
| CVE-2005-3192 | 1 Xpdf | 1 Xpdf | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. | |||||
| CVE-2006-4018 | 1 Clamav | 1 Clamav | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. | |||||
| CVE-2005-3051 | 1 Igor Pavlov | 1 7-zip | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block. | |||||
| CVE-2006-3946 | 1 Apple | 2 Mac Os X, Safari | 2024-02-04 | 7.5 HIGH | N/A |
| WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. | |||||
| CVE-2006-0021 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-02-04 | 7.8 HIGH | N/A |
| Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." | |||||
| CVE-2006-2407 | 3 Freeftpd, Freesshd, Weonlydo | 3 Freeftpd, Freesshd, Wodsshserver | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. | |||||
| CVE-2004-1258 | 1 Moinejf | 1 Abcm2ps | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2005-0504 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. | |||||
| CVE-2006-0855 | 1 Rahul Dhesi | 1 Zoo | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. | |||||
| CVE-2006-2200 | 2 Mimms, Xine | 2 Mimms, Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. | |||||
| CVE-2006-1463 | 1 Apple | 1 Quicktime | 2024-02-04 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value. | |||||
| CVE-2005-4840 | 1 Microsoft | 2 Internet Explorer, Outlook Express Book Control | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer. | |||||
| CVE-2006-3401 | 1 Id Software | 1 Quake 3 Engine | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | |||||