CVE Daily
← All tags

Tag: Buffer Overflow

All CVEs associated with "Buffer Overflow". Page 129/160 • 19109 CVEs.

Subscribe CVEs: RSS for “Buffer Overflow”  ·  RSS (High+Critical only)

About “Buffer Overflow”

A curated feed of “Buffer Overflow”-related CVEs appears below. We currently track 19109 CVEs for this tag (all time). In the last 365 days, 2722 were published. Average CVSS is 7.9 (all time; 8.0 over 365d), and 78% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-121 - Stack-based Buffer Overflow, CWE-122 - Heap-based Buffer Overflow.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-10-04
Medium

CVE-2007-5198

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location heade…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-10-01
Critical

CVE-2007-5003

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-5082

Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent s…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-5083

Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service comm…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-5144

Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) a…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-5145

Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-5155

IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, whic…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2007-09-28
Medium

CVE-2007-5137

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which l…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4880

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-26
Critical

CVE-2007-5107

Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute ar…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-5094

Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages wi…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-24
High

CVE-2007-5067

Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-5070

Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4986

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, whic…

CVSS: 6.8 CWE: CWE-189 View on NVD
High

CVE-2007-4988

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers…

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
Medium

CVE-2007-5064

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-5036

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query s…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2007-5037

Buffer overflow in the inotifytools_snprintf function in src/inotifytools.c in the inotify-tools library before 3.11 allows context-dependent attackers to execute arbitrary code via a long filename.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-5048

Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-21
Critical

CVE-2007-0062

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-0063

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE be…

CVSS: 10.0 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2007-4066

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changeset…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-20
Medium

CVE-2007-5018

Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CV…

CVSS: 6.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-5019

Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalle…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-19
Medium

CVE-2007-3286

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4974

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-18
Medium

CVE-2007-4965

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive informati…

CVSS: 5.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with…

CVSS: 9.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2007-0326

Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to exec…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-ba…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4938

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .a…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4939

Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, a…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4943

Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of argume…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-17
Critical

CVE-2007-4916

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFil…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4903

Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-14
Critical

CVE-2007-1688

Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-12
Medium

CVE-2007-4727

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and exe…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4838

Multiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-3040

Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4731

Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet t…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-11
Medium

CVE-2007-4730

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large p…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4814

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attacke…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4816

Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4821

Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the Http…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4823

Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4802

Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItem…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4803

Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Tit…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4812

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-10
Critical

CVE-2007-4776

Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Re…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4790

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01,…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4791

Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-200…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4792

Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4793

Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4794

Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4795

Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4796

Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4797

Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4470

Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-08
Critical

CVE-2007-4758

Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code v…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-06
Critical

CVE-2007-4472

Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4743

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other appl…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4748

Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-3752

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom o…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4734

Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4735

Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-05
Critical

CVE-2007-0322

Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4722

Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4725

Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via…

CVSS: 6.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2007-3999

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerb…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4476

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-04
High

CVE-2007-4661

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has un…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4662

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-31
Medium

CVE-2007-4635

Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstra…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-4642

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1)…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4646

Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2007-4648

The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-2931

Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-2954

Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long argument…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4515

Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code vi…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4629

Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long lay…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4467

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attac…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-4607

Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to e…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-29
Critical

CVE-2007-4221

Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user n…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2007-4582

Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary co…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4584

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4586

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as dem…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-28
Medium

CVE-2006-7222

Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-4561

Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-4566

Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4549

Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Sit…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-27
Medium

CVE-2007-4537

Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.

CVSS: 6.8 CWE: N/A View on NVD
2007-08-25
High

CVE-2007-4534

Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and pos…

CVSS: 7.5 CWE: N/A View on NVD
2007-08-23
Medium

CVE-2007-4507

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getus…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-4508

Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a l…

CVSS: 6.8 CWE: N/A View on NVD
2007-08-22
Medium

CVE-2007-3873

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when th…

CVSS: 6.9 CWE: N/A View on NVD
Critical

CVE-2007-4218

Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-4219

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remo…

CVSS: 10.0 CWE: CWE-189 View on NVD
Medium

CVE-2007-4489

Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-4490

Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1…

CVSS: 10.0 CWE: N/A View on NVD
2007-08-21
Critical

CVE-2007-3618

Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request wi…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2007-4440

Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string.…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4441

Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2007-4442

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-4444

Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID (1) 0x80 or (2) 0x88 to UDP port 34297, related to the buffer…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-4447

Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of ser…

CVSS: 7.5 CWE: N/A View on NVD
2007-08-20
Medium

CVE-2007-4425

Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 pac…

CVSS: 6.0 CWE: N/A View on NVD
2007-08-18
Medium

CVE-2007-4276

Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4423

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-17
Critical

CVE-2007-4391

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, a…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2007-08-16
Medium

CVE-2007-4377

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2…

CVSS: 6.0 CWE: N/A View on NVD
2007-08-15
High

CVE-2007-4370

Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-4278

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2007-0319

Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Mana…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-4353

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall program…

CVSS: 6.9 CWE: N/A View on NVD
High

CVE-2007-4354

Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2007-4355

Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
2007-08-14
Critical

CVE-2007-0948

Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS vi…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-1749

Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary cod…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-2223

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer over…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-2224

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arb…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD