Search
Total
2614 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7245 | 1 Opera | 1 Opera Browser | 2018-10-11 | 5.0 MEDIUM | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | |||||
| CVE-2008-7244 | 1 Mozilla | 1 Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | |||||
| CVE-2008-7061 | 1 Google | 1 Chrome | 2018-10-11 | 4.3 MEDIUM | N/A |
| The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists. | |||||
| CVE-2008-7011 | 6 Digital Extreme, Epic Games, Groove Games and 3 more | 6 Pariah, Unreal Tournament, Warpath and 3 more | 2018-10-11 | 4.0 MEDIUM | N/A |
| The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set. | |||||
| CVE-2008-6713 | 1 Massive Entertainment | 1 Wic | 2018-10-11 | 5.0 MEDIUM | N/A |
| World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference. | |||||
| CVE-2008-6218 | 1 Libpng | 1 Libpng | 2018-10-11 | 7.1 HIGH | N/A |
| Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. | |||||
| CVE-2008-6194 | 1 Microsoft | 1 Windows | 2018-10-11 | 7.8 HIGH | N/A |
| Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898. | |||||
| CVE-2008-6219 | 1 Emc | 5 Networker Client, Networker Module, Networker Powersnap and 2 more | 2018-10-11 | 7.8 HIGH | N/A |
| nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. | |||||
| CVE-2008-5747 | 1 F-prot | 1 F-prot Antivirus | 2018-10-11 | 5.0 MEDIUM | N/A |
| F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor. | |||||
| CVE-2008-5731 | 1 Pgp | 1 Desktop | 2018-10-11 | 4.9 MEDIUM | N/A |
| The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5700 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 1.9 LOW | N/A |
| libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. | |||||
| CVE-2008-5679 | 1 Opera | 1 Opera | 2018-10-11 | 9.3 HIGH | N/A |
| The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | |||||
| CVE-2008-5563 | 2 Aruba Networks, Arubanetworks | 3 Aruba Mobility Controller, Aruba Mobility Controllers, Aruba Mobility Controller | 2018-10-11 | 7.8 HIGH | N/A |
| Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame. | |||||
| CVE-2008-5689 | 1 Sun | 2 Opensolaris, Solaris | 2018-10-11 | 7.2 HIGH | N/A |
| tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-5429 | 1 Incredimail | 1 Incredimail | 2018-10-11 | 4.3 MEDIUM | N/A |
| Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5428 | 2 Microsoft, Opera | 2 Windows Xp, Opera | 2018-10-11 | 4.3 MEDIUM | N/A |
| Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5427 | 1 Symantec | 1 Norton Internet Security 2008 | 2018-10-11 | 4.3 MEDIUM | N/A |
| Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5426 | 1 Kaspersky Lab | 1 Kaspersky Internet Security Suite | 2018-10-11 | 4.3 MEDIUM | N/A |
| Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5425 | 1 Eset | 1 Nod32 Antivirus | 2018-10-11 | 4.3 MEDIUM | N/A |
| ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5424 | 1 Microsoft | 1 Outlook Express | 2018-10-11 | 4.3 MEDIUM | N/A |
| The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-5402 | 2 Cerulean Studios, Ceruleanstudios | 4 Trillian, Trillian Pro, Trillian and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
| Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | |||||
| CVE-2008-5300 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 4.9 MEDIUM | N/A |
| Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. | |||||
| CVE-2008-5285 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | |||||
| CVE-2008-5079 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 4.9 MEDIUM | N/A |
| net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. | |||||
| CVE-2008-4800 | 1 Microsoft | 1 Debug Diagnostic Tool | 2018-10-11 | 5.0 MEDIUM | N/A |
| The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
| CVE-2008-4683 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | |||||
| CVE-2008-4681 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | |||||
| CVE-2008-4680 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | |||||
| CVE-2008-4685 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | |||||
| CVE-2008-4684 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | |||||
| CVE-2008-4558 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 6.8 MEDIUM | N/A |
| Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. | |||||
| CVE-2008-4546 | 1 Adobe | 1 Flash Player | 2018-10-11 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. | |||||
| CVE-2008-4382 | 1 Kde | 1 Konqueror | 2018-10-11 | 5.0 MEDIUM | N/A |
| Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | |||||
| CVE-2008-4381 | 1 Microsoft | 1 Internet Explorer | 2018-10-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | |||||
| CVE-2008-4324 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. | |||||
| CVE-2008-4298 | 1 Lighttpd | 1 Lighttpd | 2018-10-11 | 5.0 MEDIUM | N/A |
| Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | |||||
| CVE-2008-4231 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2018-10-11 | 9.3 HIGH | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2008-4077 | 3 Dws Systems Inc., Ledgersmb, Sql-ledger | 3 Sql-ledger, Ledgersmb, Sql-ledger | 2018-10-11 | 7.8 HIGH | N/A |
| The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length. | |||||
| CVE-2008-3831 | 3 Debian, Linux, Openbsd | 3 Linux, Linux Kernel, Linux | 2018-10-11 | 4.7 MEDIUM | N/A |
| The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. | |||||
| CVE-2008-3656 | 1 Ruby-lang | 1 Ruby | 2018-10-11 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. | |||||
| CVE-2008-3641 | 1 Apple | 1 Cups | 2018-10-11 | 10.0 HIGH | N/A |
| The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | |||||
| CVE-2008-3627 | 1 Apple | 1 Quicktime | 2018-10-11 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. | |||||
| CVE-2008-3410 | 1 Epic Games | 1 Unreal Tournament 3 | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. | |||||
| CVE-2008-3281 | 1 Xmlsoft | 1 Libxml2 | 2018-10-11 | 4.3 MEDIUM | N/A |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
| CVE-2008-3263 | 1 Asterisk | 1 Asterisk | 2018-10-11 | 7.8 HIGH | N/A |
| The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. | |||||
| CVE-2008-3290 | 1 Emc Dantz | 1 Retrospect Backup Client | 2018-10-11 | 5.0 MEDIUM | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version. | |||||
| CVE-2008-2956 | 1 Pidgin | 1 Pidgin | 2018-10-11 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." | |||||
| CVE-2008-2952 | 1 Openldap | 1 Openldap | 2018-10-11 | 5.0 MEDIUM | N/A |
| liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. | |||||
| CVE-2008-2811 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 10.0 HIGH | N/A |
| The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. | |||||
| CVE-2008-2799 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. | |||||