Search Results (21038 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43312 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
CVE-2021-43311 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
CVE-2021-43313 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
CVE-2021-43317 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
CVE-2021-43316 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
CVE-2021-43314 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
CVE-2021-43315 1 Upx 1 Upx 2025-04-11 7.5 High
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
CVE-2023-23456 2 Fedoraproject, Upx 2 Fedora, Upx 2025-04-11 5.3 Medium
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVE-2010-1281 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2025-04-11 8.8 High
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
CVE-2012-3075 1 Cisco 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more 2025-04-11 N/A
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
CVE-2012-2806 1 D.r.commander 1 Libjpeg-turbo 2025-04-11 8.8 High
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image.
CVE-2012-2516 1 Ge 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more 2025-04-11 N/A
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
CVE-2012-2140 2 Cloudforms Cloudengine, Rubygems 2 1, Mail Gem 2025-04-11 N/A
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
CVE-2012-1144 3 Freetype, Mozilla, Redhat 3 Freetype, Firefox Mobile, Enterprise Linux 2025-04-11 N/A
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
CVE-2012-1142 3 Freetype, Mozilla, Redhat 3 Freetype, Firefox Mobile, Enterprise Linux 2025-04-11 N/A
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
CVE-2012-1134 3 Freetype, Mozilla, Redhat 3 Freetype, Firefox Mobile, Enterprise Linux 2025-04-11 N/A
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
CVE-2012-1133 2 Freetype, Mozilla 2 Freetype, Firefox Mobile 2025-04-11 N/A
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
CVE-2012-0254 1 Honeywell 3 Enterprise Building Manager, Experion, Symmetre 2025-04-11 N/A
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-4373 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Reader, Macos and 2 more 2025-04-11 9.8 Critical
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
CVE-2011-4370 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Reader, Macos and 2 more 2025-04-11 N/A
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.