Search
Total
2614 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7203 | 1 Valvesoftware | 1 Counter-strike | 2017-10-11 | 5.0 MEDIUM | N/A |
| Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets. | |||||
| CVE-2006-6303 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-11 | 5.0 MEDIUM | N/A |
| The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | |||||
| CVE-2006-5757 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 1.2 LOW | N/A |
| Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. | |||||
| CVE-2006-5467 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-11 | 5.0 MEDIUM | N/A |
| The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. | |||||
| CVE-2006-4814 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. | |||||
| CVE-2006-4535 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch. | |||||
| CVE-2007-1388 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.4 MEDIUM | N/A |
| The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. | |||||
| CVE-2007-1082 | 1 Ftpx | 1 Ftp Explorer | 2017-10-11 | 7.1 HIGH | N/A |
| FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command. | |||||
| CVE-2007-0451 | 1 Apache | 1 Spamassassin | 2017-10-11 | 4.3 MEDIUM | N/A |
| Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." | |||||
| CVE-2006-6304 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.5 HIGH | N/A |
| The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | |||||
| CVE-2006-0354 | 1 Cisco | 8 Aironet Ap1100, Aironet Ap1130ag, Aironet Ap1200 and 5 more | 2017-10-11 | 5.5 MEDIUM | N/A |
| Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. | |||||
| CVE-2005-1021 | 1 Cisco | 1 Ios | 2017-10-11 | 7.1 HIGH | N/A |
| Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | |||||
| CVE-2005-3119 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. | |||||
| CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2017-10-11 | 2.1 LOW | N/A |
| Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
| CVE-2004-0918 | 6 Gentoo, Openpkg, Redhat and 3 more | 6 Linux, Openpkg, Fedora Core and 3 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | |||||
| CVE-2005-0210 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice. | |||||
| CVE-2001-0041 | 1 Cisco | 1 Catos | 2017-10-10 | 7.8 HIGH | N/A |
| Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. | |||||
| CVE-2014-9686 | 1 Mapsplugin | 1 Googlemaps | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428. | |||||
| CVE-2015-5963 | 3 Canonical, Djangoproject, Oracle | 3 Ubuntu Linux, Django, Solaris | 2017-10-03 | 5.0 MEDIUM | N/A |
| contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | |||||
| CVE-2009-1514 | 1 Google | 1 Chrome | 2017-09-29 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | |||||
| CVE-2009-2173 | 1 Gameis | 1 Carom3d | 2017-09-29 | 3.5 LOW | N/A |
| The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | |||||
| CVE-2009-1889 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 5.0 MEDIUM | N/A |
| The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. | |||||
| CVE-2009-1758 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2017-09-29 | 5.0 MEDIUM | N/A |
| The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." | |||||
| CVE-2009-1687 | 1 Apple | 1 Safari | 2017-09-29 | 9.3 HIGH | N/A |
| The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | |||||
| CVE-2009-1632 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. | |||||
| CVE-2009-1511 | 1 Microsoft | 1 Windows Xp | 2017-09-29 | 7.8 HIGH | N/A |
| GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value. | |||||
| CVE-2009-1493 | 2 Adobe, Linux | 2 Reader, Linux | 2017-09-29 | 6.8 MEDIUM | N/A |
| The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. | |||||
| CVE-2009-1379 | 1 Openssl | 1 Openssl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | |||||
| CVE-2009-1313 | 1 Mozilla | 1 Firefox | 2017-09-29 | 9.3 HIGH | N/A |
| The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | |||||
| CVE-2009-1196 | 1 Apple | 1 Cups | 2017-09-29 | 5.0 MEDIUM | N/A |
| The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." | |||||
| CVE-2009-0914 | 1 Opera | 1 Opera Browser | 2017-09-29 | 9.3 HIGH | N/A |
| Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. | |||||
| CVE-2009-1169 | 1 Mozilla | 1 Firefox | 2017-09-29 | 9.3 HIGH | N/A |
| The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | |||||
| CVE-2009-1168 | 1 Cisco | 2 Ios, Ios Xe | 2017-09-29 | 7.1 HIGH | N/A |
| Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021. | |||||
| CVE-2009-0798 | 1 Tim Hockin | 1 Acpid | 2017-09-29 | 5.0 MEDIUM | N/A |
| ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. | |||||
| CVE-2009-0775 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | |||||
| CVE-2009-0773 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | |||||
| CVE-2009-0771 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | |||||
| CVE-2009-0751 | 1 Yaws | 1 Yaws | 2017-09-29 | 5.0 MEDIUM | N/A |
| Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. | |||||
| CVE-2009-1237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-09-29 | 4.9 MEDIUM | N/A |
| Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. | |||||
| CVE-2009-0687 | 4 Midnightbsd, Mirbsd, Netbsd and 1 more | 4 Midnightbsd, Miros, Netbsd and 1 more | 2017-09-29 | 7.8 HIGH | N/A |
| The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. | |||||
| CVE-2009-0626 | 1 Cisco | 1 Ios | 2017-09-29 | 7.8 HIGH | N/A |
| The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. | |||||
| CVE-2009-0353 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. | |||||
| CVE-2009-0259 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | |||||
| CVE-2009-0031 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." | |||||
| CVE-2008-7053 | 1 Logmein | 1 Ractrl.dll | 2017-09-29 | 9.3 HIGH | N/A |
| LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption. | |||||
| CVE-2009-0071 | 1 Mozilla | 1 Firefox | 2017-09-29 | 2.6 LOW | N/A |
| Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected. | |||||
| CVE-2008-6472 | 1 Wireshark | 1 Wireshark | 2017-09-29 | 4.3 MEDIUM | N/A |
| The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | |||||
| CVE-2008-5314 | 1 Clam Anti-virus | 1 Clamav | 2017-09-29 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. | |||||
| CVE-2008-5180 | 1 Microsoft | 1 Office Communicator | 2017-09-29 | 5.0 MEDIUM | N/A |
| Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | |||||
| CVE-2008-5081 | 1 Avahi | 1 Avahi | 2017-09-29 | 5.0 MEDIUM | N/A |
| The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. | |||||