Total
1224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1706 | 1 Ibm | 1 Soliddb | 2018-10-11 | 4.3 MEDIUM | N/A |
Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | |||||
CVE-2008-1686 | 2 Xine, Xiph | 3 Xine-lib, Libfishsound, Speex | 2018-10-11 | 9.3 HIGH | N/A |
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | |||||
CVE-2008-1637 | 1 Powerdns | 1 Recursor | 2018-10-11 | 6.8 MEDIUM | N/A |
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | |||||
CVE-2008-1552 | 2 Redhat, Silc | 5 Fedora, Silc, Silc Client and 2 more | 2018-10-11 | 6.8 MEDIUM | N/A |
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. | |||||
CVE-2008-1482 | 1 Xine | 1 Xine-lib | 2018-10-11 | 6.8 MEDIUM | N/A |
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c. | |||||
CVE-2008-1391 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2018-10-11 | 7.5 HIGH | N/A |
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. | |||||
CVE-2008-1384 | 1 Php | 1 Php | 2018-10-11 | 5.0 MEDIUM | N/A |
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions). | |||||
CVE-2008-1382 | 1 Libpng | 1 Libpng | 2018-10-11 | 7.5 HIGH | N/A |
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | |||||
CVE-2008-1379 | 1 X | 1 X11 | 2018-10-11 | 6.8 MEDIUM | N/A |
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | |||||
CVE-2008-1377 | 1 X | 1 X11 | 2018-10-11 | 9.0 HIGH | N/A |
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | |||||
CVE-2008-1338 | 1 Perforce | 1 Perforce Server | 2018-10-11 | 7.8 HIGH | N/A |
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. | |||||
CVE-2008-1302 | 2 Microsoft, Perforce | 2 Windows, Perforce Server | 2018-10-11 | 5.0 MEDIUM | N/A |
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | |||||
CVE-2008-1267 | 1 Siemens | 1 Speedstream 6520 | 2018-10-11 | 7.8 HIGH | N/A |
The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. | |||||
CVE-2010-4370 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. | |||||
CVE-2010-3032 | 1 Sap | 1 Crystal Reports | 2018-10-10 | 10.0 HIGH | N/A |
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | |||||
CVE-2010-3000 | 2 Microsoft, Realnetworks | 3 Windows, Realplayer, Realplayer Sp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. | |||||
CVE-2010-2879 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file. | |||||
CVE-2010-2871 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie. | |||||
CVE-2010-2866 | 1 Adobe | 1 Shockwave Player | 2018-10-10 | 9.3 HIGH | N/A |
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie. | |||||
CVE-2010-2586 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. |