Export limit exceeded: 44111 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44111 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5238 | 1 Xine | 1 Xine | 2026-04-23 | N/A |
| Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field. | ||||
| CVE-2008-5239 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not properly handle (a) negative and (b) zero values during unspecified read function calls in input_file.c, input_net.c, input_smb.c, and input_http.c, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors such as (1) a file or (2) an HTTP response, which triggers consequences such as out-of-bounds reads and heap-based buffer overflows. | ||||
| CVE-2008-5240 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input value to determine the memory allocation and does not check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG, and (4) CONT_TAG chunks processed by the real_parse_headers function in demux_real.c; which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or possibly execute arbitrary code via a crafted value. | ||||
| CVE-2008-5242 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not validate the count field before calling calloc for STSD_ATOM atom allocation, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted media file. | ||||
| CVE-2008-5245 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c. | ||||
| CVE-2008-5246 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5247 | 1 Xine | 1 Xine-lib | 2026-04-23 | N/A |
| The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value. | ||||
| CVE-2008-5259 | 1 Divx | 1 Divx Web Player | 2026-04-23 | N/A |
| Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow. | ||||
| CVE-2008-5260 | 1 Axis | 1 Axis Camera Control | 2026-04-23 | N/A |
| Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. | ||||
| CVE-2008-5262 | 1 Devil | 1 Developers Image Library | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file. | ||||
| CVE-2008-5263 | 1 Dmitry Baryshev | 1 Ksquirrel-libs | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file). | ||||
| CVE-2008-5276 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. | ||||
| CVE-2008-5277 | 1 Powerdns | 1 Powerdns | 2026-04-23 | N/A |
| PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | ||||
| CVE-2008-5279 | 1 Zilab | 1 Zim Server | 2026-04-23 | N/A |
| The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5281 | 1 South River Technologies | 1 Titan Ftp Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command. | ||||
| CVE-2008-5282 | 1 W3c | 1 Amaya Web Browser | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute. | ||||
| CVE-2008-5284 | 1 Iea Software | 6 Air Marshal, Emerald, Radius Test Client and 3 more | 2026-04-23 | N/A |
| The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5286 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | ||||
| CVE-2008-5297 | 1 Vitalwerks | 1 No-ip Duc | 2026-04-23 | N/A |
| Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function. | ||||
| CVE-2008-5316 | 2 Littlecms, Redhat | 3 Lcms, Little Cms Color Engine, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. | ||||