Search Results (45994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5972 1 Mit 1 Kerberos 5 2026-04-23 N/A
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
CVE-2007-5966 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2026-04-23 N/A
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
CVE-2008-1040 1 Fujitsu 6 Interstage Application Server Enterprise, Interstage Application Server Standard J, Interstage Apworks Enterprise and 3 more 2026-04-23 N/A
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.
CVE-2009-1309 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
CVE-2007-5545 1 Tibco 1 Smart Pgm Fx 2026-04-23 N/A
Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2009-2980 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2008-0485 1 Mplayer 1 Mplayer 2026-04-23 N/A
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
CVE-2009-3699 1 Ibm 2 Aix, Vios 2026-04-23 N/A
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
CVE-2009-0520 2 Adobe, Redhat 5 Air, Flash Player, Flash Player For Linux and 2 more 2026-04-23 N/A
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
CVE-2009-1497 1 Gomlab 1 Gom Player 2026-04-23 N/A
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
CVE-2007-6697 1 Sdl 1 Sdl Image 2026-04-23 N/A
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
CVE-2007-4661 1 Php 1 Php 2026-04-23 N/A
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
CVE-2008-1472 2 Computer Associates, Unicenter 7 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Unicenter Dsm R11 List Control Atx and 4 more 2026-04-23 N/A
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
CVE-2009-0511 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2007-4674 1 Apple 1 Quicktime 2026-04-23 N/A
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
CVE-2007-6631 1 Lscube 1 Libnemesi 2026-04-23 N/A
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c.
CVE-2007-4677 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
CVE-2008-1482 1 Xine 1 Xine-lib 2026-04-23 N/A
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
CVE-2009-1490 1 Sendmail 1 Sendmail 2026-04-23 N/A
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
CVE-2008-1498 1 Netwin 1 Surgemail 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.