A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.