| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." |
| Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. |
| Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file. |
| Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. |
| Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. |
| Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors. |
| Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. |
| WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. |
| Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. |
| Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. |
| Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437. |
| The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999. |
| Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c. |
| Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory. |
| Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. |
| Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. |
| Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437. |
| Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. |