Total
1227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5714 | 1 Qemu | 1 Qemu | 2025-04-09 | 7.8 HIGH | N/A |
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. | |||||
CVE-2010-0316 | 1 Google | 1 Google Sketchup | 2025-04-09 | 9.3 HIGH | N/A |
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file. | |||||
CVE-2008-6995 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI. | |||||
CVE-2025-3408 | 2025-04-08 | 7.5 HIGH | 6.3 MEDIUM | ||
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2005-0739 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. | |||||
CVE-2006-1458 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | |||||
CVE-2006-1249 | 1 Apple | 2 Itunes, Quicktime | 2025-04-03 | 6.8 MEDIUM | N/A |
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||||
CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2025-04-03 | 7.8 HIGH | N/A |
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||||
CVE-2005-3711 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | |||||
CVE-2005-2495 | 1 Xfree86 Project | 1 Xfree86 | 2025-04-03 | 5.1 MEDIUM | N/A |
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | |||||
CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2025-04-03 | 10.0 HIGH | N/A |
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | |||||
CVE-2006-1467 | 1 Apple | 1 Itunes | 2025-04-03 | 5.1 MEDIUM | N/A |
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | |||||
CVE-2006-0747 | 1 Freetype | 1 Freetype | 2025-04-03 | 5.0 MEDIUM | N/A |
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. | |||||
CVE-2005-4837 | 2 Net-snmp, Sourceforge | 2 Net-snmp, Net-snmp | 2025-04-03 | 10.0 HIGH | N/A |
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | |||||
CVE-2006-3486 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability | |||||
CVE-2003-0372 | 1 Nessus | 1 Nessus | 2025-04-03 | 4.6 MEDIUM | N/A |
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | |||||
CVE-2006-3467 | 1 Freetype | 1 Freetype | 2025-04-03 | 7.5 HIGH | N/A |
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. | |||||
CVE-2006-3630 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 7.5 HIGH | N/A |
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. | |||||
CVE-2005-1852 | 4 Centericq, Ekg, Kadu and 1 more | 4 Centericq, Ekg, Kadu and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | |||||
CVE-2006-2197 | 1 Wvware | 1 Wv2 | 2025-04-03 | 6.5 MEDIUM | N/A |
Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document. |