Search Results (45955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5252 1 Netsupport 2 Netsupport Manager Client, Netsupport School Student 2026-04-23 N/A
Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible.
CVE-2008-2080 1 Nasa Goddard Space Flight Center 1 Common Data Format 2026-04-23 N/A
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
CVE-2009-1759 1 Rahul 2 Ctorrent, Dtorrent 2026-04-23 N/A
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
CVE-2008-5094 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.
CVE-2006-5937 1 Grisoft 1 Avg Antivirus 2026-04-23 N/A
Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2007-0753 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2008-5406 1 Apple 2 Itunes, Quicktime 2026-04-23 N/A
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
CVE-2007-5267 1 Libpng 1 Libpng 2026-04-23 N/A
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
CVE-2008-3794 1 Videolan 1 Vlc Media Player 2026-04-23 N/A
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
CVE-2009-3853 1 Ibm 1 Tivoli Storage Manager 2026-04-23 N/A
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
CVE-2006-7227 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2026-04-23 N/A
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2006-6684 1 Pedro Lineu Orso 1 Chetcpasswd 2026-04-23 N/A
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6067 3 Postgresql, Redhat, Tcl Tk 4 Postgresql, Enterprise Linux, Rhel Application Stack and 1 more 2026-04-23 N/A
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVE-2009-2468 1 Mozilla 1 Firefox 2026-04-23 N/A
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.
CVE-2008-3529 5 Apple, Canonical, Debian and 2 more 7 Iphone Os, Mac Os X, Safari and 4 more 2026-04-23 N/A
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2007-2522 1 Broadcom 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol 2026-04-23 N/A
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
CVE-2007-2510 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
CVE-2007-2508 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
CVE-2007-0018 33 Altdo, Americanshareware, Audio Edit Magic and 30 more 81 Convert Mp3 Master, Mp3 Record And Edit Audio Master, Mp3 Wav Converter and 78 more 2026-04-23 N/A
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.
CVE-2008-2696 1 Exiv2 1 Exiv2 2026-04-23 N/A
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.