Vulnerabilities (CVE)

Filtered by CWE-119
Total 12268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4171 1 Yahoo 1 Messenger 2025-04-09 4.3 MEDIUM N/A
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
CVE-2008-3338 1 Tibco 4 Hawk, Iprocess Engine, Mainframe Service Tracker and 1 more 2025-04-09 10.0 HIGH N/A
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
CVE-2008-6846 1 Avast 1 Avast Antivirus 2025-04-09 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
CVE-2009-1356 1 Elecard 1 Elecard Avc Hd Player 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
CVE-2009-1722 1 Openexr 1 Openexr 2025-04-09 6.8 MEDIUM N/A
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2006-6684 1 Pedro Lineu Orso 1 Chetcpasswd 2025-04-09 7.5 HIGH N/A
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2357 1 Matt Kimball And Roger Wolff 1 Mtr 2025-04-09 6.8 MEDIUM N/A
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
CVE-2009-2817 1 Apple 1 Itunes 2025-04-09 9.3 HIGH N/A
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
CVE-2008-1944 2 Redhat, Xensource 4 Desktop, Enterprise Linux, Virtualization Server and 1 more 2025-04-09 7.2 HIGH N/A
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."
CVE-2007-5652 1 Ibm 1 Db2 2025-04-09 7.8 HIGH N/A
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2008-6821 1 Ibm 1 Db2 2025-04-09 10.0 HIGH N/A
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
CVE-2008-5050 1 Clam Anti-virus 1 Clamav 2025-04-09 9.3 HIGH N/A
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
CVE-2009-0323 1 W3 1 Amaya 2025-04-09 10.0 HIGH N/A
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
CVE-2008-0047 2 Apple, Cups 3 Mac Os X, Mac Os X Server, Cups 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
CVE-2009-2227 1 Blabsoft 1 Bopup Communication Server 2025-04-09 10.0 HIGH N/A
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
CVE-2009-2188 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
CVE-2009-4201 1 Assistanttools 1 Mp3 Tag Assistance Professional 2025-04-09 9.3 HIGH N/A
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field.
CVE-2008-1196 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 6.8 MEDIUM N/A
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
CVE-2008-3155 1 Panda 1 Panda Activescan 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
CVE-2008-0320 1 Openoffice 1 Openoffice.org 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.