Total
12502 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4812 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. | |||||
| CVE-2009-0443 | 1 Elecard | 1 Elecard Avc Hd Player | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL. | |||||
| CVE-2009-0246 | 1 Easyhdr | 1 Easyhdr | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file. | |||||
| CVE-2007-0670 | 1 Ibm | 1 Aix | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin. | |||||
| CVE-2007-2867 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. | |||||
| CVE-2008-0528 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data. | |||||
| CVE-2008-0151 | 1 Foxitsoftware | 1 Wac Server | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. | |||||
| CVE-2008-1101 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. | |||||
| CVE-2008-5176 | 1 Clientsoftware | 1 Wincom Mpd Total | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | |||||
| CVE-2006-5815 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." | |||||
| CVE-2009-0196 | 1 Ghostscript | 1 Ghostscript | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. | |||||
| CVE-2007-2244 | 1 Adobe | 3 Golive, Illustrator, Photoshop | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | |||||
| CVE-2008-0493 | 1 Irfanview | 1 Irfanview | 2025-04-09 | 9.3 HIGH | N/A |
| fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3546 | 2 Libgd, Php | 2 Gd Graphics Library, Php | 2025-04-09 | 9.3 HIGH | N/A |
| The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5198 | 1 Nagios | 1 Plugins | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | |||||
| CVE-2008-1021 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. | |||||
| CVE-2007-6631 | 1 Lscube | 1 Libnemesi | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c. | |||||
| CVE-2007-4582 | 1 Acti | 1 Network Video Recorder | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method. | |||||
| CVE-2007-5989 | 1 Skype Technologies | 1 Skype | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | |||||
| CVE-2007-3551 | 1 Bbs100 | 1 Bbs100 | 2025-04-09 | 6.1 MEDIUM | N/A |
| Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c. | |||||