Search
Total
2332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1711 | 1 Apple | 1 Safari | 2017-08-17 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | |||||
| CVE-2009-2651 | 1 Digium | 1 Asterisk | 2017-08-17 | 5.0 MEDIUM | N/A |
| main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer. | |||||
| CVE-2009-1858 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-08-17 | 9.3 HIGH | N/A |
| The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2009-2108 | 1 Git | 1 Git | 2017-08-17 | 5.0 MEDIUM | N/A |
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. | |||||
| CVE-2009-0925 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723. | |||||
| CVE-2009-0749 | 1 Cosmin Truta | 1 Optipng | 2017-08-17 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. | |||||
| CVE-2009-0924 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, when running in 64-bit mode on x86 architectures, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6442712. | |||||
| CVE-2009-2966 | 1 Kaspersky | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2017-08-17 | 4.3 MEDIUM | N/A |
| avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. | |||||
| CVE-2009-2190 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 7.8 HIGH | N/A |
| launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. | |||||
| CVE-2009-0926 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732. | |||||
| CVE-2009-0935 | 1 Linux | 1 Linux Kernel | 2017-08-17 | 4.7 MEDIUM | N/A |
| The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance. | |||||
| CVE-2008-7129 | 1 Xyssl | 1 Xyssl | 2017-08-17 | 5.0 MEDIUM | N/A |
| XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification. | |||||
| CVE-2009-0635 | 1 Cisco | 1 Ios | 2017-08-17 | 7.1 HIGH | N/A |
| Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. | |||||
| CVE-2008-7127 | 1 Microfocus | 1 Visibroker | 2017-08-17 | 5.0 MEDIUM | N/A |
| osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled. | |||||
| CVE-2008-7094 | 1 Unica | 1 Affinium Campaign | 2017-08-17 | 5.0 MEDIUM | N/A |
| Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure. | |||||
| CVE-2008-6141 | 1 Avaya | 1 Ip Soft Phone | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. | |||||
| CVE-2008-5181 | 1 Microsoft | 1 Office Communicator | 2017-08-08 | 5.0 MEDIUM | N/A |
| Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | |||||
| CVE-2008-6024 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors. | |||||
| CVE-2008-5185 | 1 Geshi | 1 Geshi | 2017-08-08 | 5.0 MEDIUM | N/A |
| The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<". | |||||
| CVE-2008-5620 | 1 Roundcube | 1 Webmail | 2017-08-08 | 7.8 HIGH | N/A |
| RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | |||||
| CVE-2008-6000 | 1 Gdata | 3 Antivirus 2008, Internetsecurity 2008, Totalcare 2008 | 2017-08-08 | 7.2 HIGH | N/A |
| The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents. | |||||
| CVE-2008-5821 | 2 Apple, Microsoft | 2 Safari, Windows Vista | 2017-08-08 | 5.0 MEDIUM | N/A |
| Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||||
| CVE-2009-0069 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client in the kernel in Sun Solaris 10 and OpenSolaris before snv_102 allows local users to cause a denial of service (recursive mutex_enter and panic) via unspecified vectors. | |||||
| CVE-2008-5661 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-08 | 5.4 MEDIUM | N/A |
| The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. | |||||
| CVE-2008-5822 | 1 Mozilla | 2 Firefox, Libxul | 2017-08-08 | 5.0 MEDIUM | N/A |
| Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document. | |||||
| CVE-2008-6107 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 4.9 MEDIUM | N/A |
| The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks when the mremap MREMAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mremap calls, a related issue to CVE-2008-2137. | |||||
| CVE-2008-5006 | 1 University Of Washington | 1 Imap Toolkit | 2017-08-08 | 5.0 MEDIUM | N/A |
| smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code. | |||||
| CVE-2008-5033 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 7.8 HIGH | N/A |
| The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. | |||||
| CVE-2008-5035 | 1 Ibm | 1 Hardware Management Console | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length. | |||||
| CVE-2008-5038 | 1 Novell | 1 Edirectory | 2017-08-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | |||||
| CVE-2008-4194 | 1 Pdnsd | 1 Pdnsd | 2017-08-08 | 5.0 MEDIUM | N/A |
| The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug." | |||||
| CVE-2008-4869 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2017-08-08 | 10.0 HIGH | N/A |
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | |||||
| CVE-2008-4678 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 7.8 HIGH | N/A |
| The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." | |||||
| CVE-2008-4543 | 1 Cisco | 1 Unity | 2017-08-08 | 7.1 HIGH | N/A |
| Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. | |||||
| CVE-2008-4409 | 1 Xmlsoft | 1 Libxml2 | 2017-08-08 | 5.0 MEDIUM | N/A |
| libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | |||||
| CVE-2008-4403 | 1 Trend Micro | 1 Officescan | 2017-08-08 | 5.0 MEDIUM | N/A |
| The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism." | |||||
| CVE-2008-4285 | 1 Ibm | 1 Websphere Application Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." | |||||
| CVE-2008-4246 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2017-08-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response. | |||||
| CVE-2008-4197 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux, Windows and 2 more | 2017-08-08 | 9.3 HIGH | N/A |
| Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | |||||
| CVE-2008-3832 | 2 Linux, Redhat | 2 Linux Kernel, Fedora | 2017-08-08 | 4.9 MEDIUM | N/A |
| A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function. | |||||
| CVE-2008-3686 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 4.9 MEDIUM | N/A |
| The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference. | |||||
| CVE-2008-3621 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 9.3 HIGH | N/A |
| VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. | |||||
| CVE-2008-3613 | 1 Apple | 2 Mac Os X, Macbook Air | 2017-08-08 | 6.1 MEDIUM | N/A |
| Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | |||||
| CVE-2008-3608 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 9.3 HIGH | N/A |
| ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. | |||||
| CVE-2008-2752 | 1 Microsoft | 1 Word | 2017-08-08 | 7.1 HIGH | N/A |
| Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2734 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2017-08-08 | 7.1 HIGH | N/A |
| Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. | |||||
| CVE-2008-2713 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. | |||||
| CVE-2008-2631 | 1 Altn | 1 Mdaemon | 2017-08-08 | 5.0 MEDIUM | N/A |
| The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2502 | 1 Emule | 1 X Ray | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the web server in eMule X-Ray before 1.4 allows remote attackers to trigger memory corruption via unknown attack vectors. | |||||
| CVE-2008-2943 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-08 | 6.0 MEDIUM | N/A |
| Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server. | |||||