Total
12268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5231 | 1 Novell | 1 Iprint | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431. | |||||
| CVE-2009-2703 | 1 Pidgin | 2 Libpurple, Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
| libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | |||||
| CVE-2008-3704 | 1 Microsoft | 4 Visual Basic, Visual Foxpro, Visual Studio and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." | |||||
| CVE-2008-2468 | 1 Landesk | 3 Landesk Management Suite, Landesk Security Suite, Landesk Server Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments. | |||||
| CVE-2008-4933 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | |||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | |||||
| CVE-2008-0127 | 1 Mcafee | 1 E-business Server | 2025-04-09 | 8.8 HIGH | N/A |
| The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. | |||||
| CVE-2008-5176 | 1 Clientsoftware | 1 Wincom Mpd Total | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | |||||
| CVE-2008-5233 | 1 Xine | 1 Xine-lib | 2025-04-09 | 4.3 MEDIUM | N/A |
| xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | |||||
| CVE-2006-5601 | 1 Xsupplicant | 1 Xsupplicant | 2025-04-09 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-1375 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. | |||||
| CVE-2009-0849 | 3 Linux, Microsoft, Novastor | 3 Linux Kernel, Windows, Novanet | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3626 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
| CVE-2008-5419 | 1 Emc | 1 Control Center | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. | |||||
| CVE-2009-1068 | 1 Bsplayer | 1 Bs.player | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file. | |||||
| CVE-2008-1015 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
| CVE-2008-1720 | 1 Samba | 1 Rsync | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-7174 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions. | |||||
| CVE-2007-1256 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | |||||
| CVE-2008-5356 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | |||||