Total
12531 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5239 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | |||||
CVE-2009-1377 | 1 Openssl | 1 Openssl | 2025-04-09 | 5.0 MEDIUM | N/A |
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." | |||||
CVE-2009-1815 | 1 Sonicspot | 1 Audioactive Player | 2025-04-09 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file. | |||||
CVE-2008-0924 | 1 Novell | 1 Edirectory | 2025-04-09 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. | |||||
CVE-2008-7162 | 1 Heroshare | 1 Hero Super Player 3000 | 2025-04-09 | 9.3 HIGH | N/A |
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504. | |||||
CVE-2009-1022 | 1 Gomlab | 1 Gom Encoder | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file. | |||||
CVE-2009-3130 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability." | |||||
CVE-2008-0763 | 1 Larson Software Technology | 1 Network Print Server | 2025-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114. | |||||
CVE-2009-0363 | 2 Barnowl, Ktools | 2 Barnowl, Owl | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products. | |||||
CVE-2007-2418 | 1 Cerulean Studios | 1 Trillian Pro | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. | |||||
CVE-2006-6288 | 1 Niek Albers | 1 Coolplayer | 2025-04-09 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c. | |||||
CVE-2009-1274 | 1 Xine | 1 Xine-lib | 2025-04-09 | 5.0 MEDIUM | N/A |
Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. | |||||
CVE-2008-3529 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Safari and 3 more | 2025-04-09 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | |||||
CVE-2007-6562 | 1 Tcpreen | 1 Tcpreen | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp. | |||||
CVE-2008-4575 | 1 Sentex | 1 Jhead | 2025-04-09 | 5.0 MEDIUM | N/A |
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." | |||||
CVE-2008-2880 | 1 Ibm | 1 Afp Viewer Plug-in | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-5882 | 2 Broadcom, Linksys | 2 Bcmwl5.sys Wireless Device Driver, Wpc300n Wireless-n Notebook Adapter Driver | 2025-04-09 | 8.3 HIGH | N/A |
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field. | |||||
CVE-2006-6684 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2025-04-09 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-4664 | 1 Qvod | 1 Qvod Player | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5178 | 2 Microsoft, Opera | 2 Windows, Opera | 2025-04-09 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680. |