Total
12019 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2685 | 1 Youngzsoft | 1 Ccproxy | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416. | |||||
CVE-2006-3199 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation. | |||||
CVE-2005-3354 | 1 Sylpheed | 1 Sylpheed | 2023-12-10 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. | |||||
CVE-2005-4444 | 1 David Harris | 1 Pegasus Mail | 2023-12-10 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | |||||
CVE-2006-2108 | 1 Oce North America | 2 3121 Printer, 3122 Printer | 2023-12-10 | 7.8 HIGH | N/A |
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow. | |||||
CVE-2005-3193 | 1 Xpdf | 1 Xpdf | 2023-12-10 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. | |||||
CVE-2005-1812 | 1 Futuresoft | 1 Tftp Server 2000 | 2023-12-10 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet. | |||||
CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | |||||
CVE-2006-4326 | 1 Justsystem | 3 Formliner, Ichitaro, Ichitaro Government | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information. | |||||
CVE-2005-3317 | 1 Zipgenius | 1 Zipgenius | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll. | |||||
CVE-2006-1868 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03. | |||||
CVE-2005-2856 | 1 Winace | 1 Winace | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive. | |||||
CVE-2006-2297 | 1 Microsoft | 1 Infotech Storage System Library | 2023-12-10 | 4.0 MEDIUM | N/A |
Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling. | |||||
CVE-2005-3065 | 1 Multitheftauto | 1 Multitheftauto | 2023-12-10 | 5.0 MEDIUM | N/A |
MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read. | |||||
CVE-2006-0006 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. | |||||
CVE-2006-4018 | 1 Clamav | 1 Clamav | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. | |||||
CVE-2005-4807 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. | |||||
CVE-2006-4431 | 1 Zend | 1 Zend Platform | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID). | |||||
CVE-2005-2310 | 1 Nullsoft | 1 Winamp | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | |||||
CVE-2005-4092 | 1 Apple | 2 Itunes, Quicktime | 2023-12-10 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. |