Vulnerabilities (CVE)

Filtered by CWE-119
Total 12492 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0776 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
CVE-2007-6250 2 Aol, Microsoft 2 Aolmediaplaybackcontrol, Ampx 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
CVE-2008-4025 1 Microsoft 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more 2025-04-09 9.3 HIGH N/A
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability."
CVE-2007-5560 1 Juniper 1 Http Service 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2009-3280 1 Linux 1 Linux Kernel 2025-04-09 7.8 HIGH N/A
Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.
CVE-2008-5557 1 Php 1 Php 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
CVE-2007-5244 1 Borland Software 1 Interbase 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.
CVE-2008-7015 2 Epic Games, Frontlines 2 Unreal Tournament, Fuel Of War 2025-04-09 5.0 MEDIUM N/A
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
CVE-2009-0449 1 Kaspersky Lab 1 Kaspersky Anti-virus 2025-04-09 7.2 HIGH N/A
Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
CVE-2007-6535 1 Yahoo 1 Toolbar 2025-04-09 6.8 MEDIUM N/A
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
CVE-2006-6288 1 Niek Albers 1 Coolplayer 2025-04-09 4.6 MEDIUM N/A
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.
CVE-2009-0184 1 Free Download Manager 1 Free Download Manager 2025-04-09 9.3 HIGH N/A
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
CVE-2009-0012 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
CVE-2007-5249 1 Americasarmy 2 America\'s Army, America\'s Army Special Forces 2025-04-09 4.3 MEDIUM N/A
Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
CVE-2008-4449 1 Mirc 1 Mirc 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
CVE-2008-2829 2 Canonical, Php 2 Ubuntu Linux, Php 2025-04-09 5.0 MEDIUM N/A
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
CVE-2009-2877 1 Cisco 1 Webex 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
CVE-2009-1437 1 Coolplayer 1 Coolplayer 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
CVE-2007-4662 1 Php 1 Php 2025-04-09 7.5 HIGH N/A
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
CVE-2009-2800 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.8 MEDIUM N/A
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.