Total
2695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4326 | 2 Avaya, Linux | 3 96x1 Ip Deskphone, 96x1 Ip Deskphone Firmware, Linux Kernel | 2025-04-11 | 7.1 HIGH | N/A |
|
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
|
|||||
| CVE-2011-0945 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 7.8 HIGH | N/A |
|
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364.
|
|||||
| CVE-2011-1879 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
|
|||||
| CVE-2010-2120 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
|
|||||
| CVE-2010-4052 | 1 Gnu | 1 Glibc | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
|
|||||
| CVE-2010-0538 | 1 Apple | 2 Java, Mac Os X | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
|
|||||
| CVE-2009-5110 | 1 Dhttpd | 1 Dhttpd | 2025-04-11 | 5.0 MEDIUM | N/A |
|
dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
|
|||||
| CVE-2011-3443 | 1 Apple | 1 Safari | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.
|
|||||
| CVE-2009-5111 | 1 Goahead | 1 Goahead Webserver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
|
|||||
| CVE-2007-6742 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter.
|
|||||
| CVE-2010-4552 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients.
|
|||||
| CVE-2012-2887 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
|
|||||
| CVE-2013-1797 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
|
|||||
| CVE-2011-1238 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
|
|||||
| CVE-2010-0292 | 1 Tuxfamily | 1 Chrony | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
|
|||||
| CVE-2012-5533 | 1 Lighttpd | 1 Lighttpd | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
|
|||||
| CVE-2011-0666 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
|
|||||
| CVE-2011-2060 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523.
|
|||||
| CVE-2010-2552 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 7.8 HIGH | N/A |
|
Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
|
|||||
| CVE-2013-4469 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2025-04-11 | 1.9 LOW | N/A |
|
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
|
|||||
| CVE-2011-4858 | 1 Apache | 1 Tomcat | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
|
|||||
| CVE-2011-2161 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
|
|||||
| CVE-2011-1148 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
|
|||||
| CVE-2011-0066 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
|
|||||
| CVE-2010-1991 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
|
|||||
| CVE-2011-2639 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.
|
|||||
| CVE-2011-3973 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 5.0 MEDIUM | N/A |
|
cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.
|
|||||
| CVE-2011-0284 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 7.6 HIGH | N/A |
|
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
|
|||||
| CVE-2011-2393 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-11 | 7.8 HIGH | N/A |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
|
|||||
| CVE-2013-7298 | 1 Tntnet | 1 Cxxtools | 2025-04-11 | 5.0 MEDIUM | N/A |
|
query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.
|
|||||
| CVE-2010-2349 | 1 Timhillone | 1 H264webcam | 2025-04-11 | 5.0 MEDIUM | N/A |
|
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-3381 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
|
|||||
| CVE-2012-1315 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
|
Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.
|
|||||
| CVE-2011-2626 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.
|
|||||
| CVE-2010-2164 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."
|
|||||
| CVE-2013-1338 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.
|
|||||
| CVE-2010-3823 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
|
|||||
| CVE-2012-2852 | 4 Apple, Google, Linux and 1 more | 5 Mac Os X, Chrome, Frame and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document.
|
|||||
| CVE-2011-3263 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 5.0 MEDIUM | N/A |
|
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
|
|||||
| CVE-2012-2862 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
|||||