Total
1251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2674 | 1 Google | 1 Bionic | 2012-08-23 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2011-3974 | 1 Ffmpeg | 1 Ffmpeg | 2012-08-21 | 5.0 MEDIUM | N/A |
| Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362. | |||||
| CVE-2011-4352 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-08-20 | 6.8 MEDIUM | N/A |
| Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow. | |||||
| CVE-2012-4355 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2012-08-19 | 9.3 HIGH | N/A |
| TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. | |||||
| CVE-2012-4354 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2012-08-19 | 9.3 HIGH | N/A |
| TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0407 | 1 Emc | 1 Data Protection Advisor | 2012-08-13 | 5.0 MEDIUM | N/A |
| Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. | |||||
| CVE-2005-4895 | 1 Csilvers | 1 Gperftools | 2012-08-08 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2012-2676 | 1 Emery Berger | 1 Hoard | 2012-07-29 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2012-2675 | 1 Nedprod | 1 Nedmalloc | 2012-07-29 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2007-6754 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2012-07-26 | 5.0 MEDIUM | N/A |
| The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. | |||||
| CVE-2006-7252 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2012-07-25 | 5.0 MEDIUM | N/A |
| Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. | |||||
| CVE-2011-3464 | 1 Libpng | 1 Libpng | 2012-07-22 | 7.5 HIGH | N/A |
| Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | |||||
| CVE-2011-5000 | 1 Openbsd | 1 Openssh | 2012-07-21 | 3.5 LOW | N/A |
| The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | |||||
| CVE-2012-1163 | 1 Nih | 1 Libzip | 2012-07-15 | 6.8 MEDIUM | N/A |
| Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. | |||||
| CVE-2012-3368 | 1 Redhat | 1 Dtach | 2012-07-03 | 2.6 LOW | N/A |
| Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. | |||||
| CVE-2012-0659 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-29 | 6.8 MEDIUM | N/A |
| Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||||
| CVE-2012-0662 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-29 | 7.5 HIGH | N/A |
| Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | |||||
| CVE-2012-2428 | 1 Xarrow | 1 Xarrow | 2012-05-27 | 10.0 HIGH | N/A |
| Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation. | |||||
| CVE-2012-2429 | 1 Xarrow | 1 Xarrow | 2012-05-27 | 10.0 HIGH | N/A |
| The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-3362 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-05-17 | 6.8 MEDIUM | N/A |
| Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. | |||||