Total: 2695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1364 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
| CVE-2008-1728 | 1 Ignite Realtime | 1 Openfire | 2025-04-09 | 4.0 MEDIUM | N/A |
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
| CVE-2006-6681 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-09 | 7.5 HIGH | N/A |
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.
| CVE-2008-2000 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.
| CVE-2008-4324 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.
| CVE-2008-3615 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2025-04-09 | 9.3 HIGH | N/A |
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
| CVE-2008-2244 | 1 Microsoft | 1 Office Word | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| CVE-2008-1707 | 1 Ibm | 1 Soliddb | 2025-04-09 | 4.3 MEDIUM | N/A |
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field.
| CVE-2007-4772 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2025-04-09 | 4.0 MEDIUM | N/A |
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
| CVE-2007-6698 | 1 Openldap | 1 Openldap | 2025-04-09 | 4.0 MEDIUM | N/A |
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
| CVE-2009-0751 | 1 Yaws | 1 Yaws | 2025-04-09 | 5.0 MEDIUM | N/A |
Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
| CVE-2007-6356 | 1 Aertherwide | 1 Exiftags | 2025-04-09 | 5.0 MEDIUM | N/A |
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
| CVE-2008-7061 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.
| CVE-2009-1828 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
| CVE-2009-3101 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches.
| CVE-2009-0098 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
| CVE-2009-1889 | 1 Pidgin | 1 Pidgin | 2025-04-09 | 5.0 MEDIUM | N/A |
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
| CVE-2008-3019 | 1 Microsoft | 3 Office, Office Converter Pack, Works | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
| CVE-2009-2953 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
| CVE-2009-0075 | 1 Microsoft | 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
| CVE-2008-0263 | 1 Ingate | 2 Firewall, Ingate Siparator | 2025-04-09 | 5.0 MEDIUM | N/A |
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
| CVE-2007-3477 | 1 Libgd | 1 Gd Graphics Library | 2025-04-09 | 5.0 MEDIUM | N/A |
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
| CVE-2009-1917 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
| CVE-2009-2419 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.
| CVE-2008-1769 | 1 Videolan | 1 Vlc | 2025-04-09 | 6.8 MEDIUM | N/A |
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
| CVE-2009-1086 | 1 Nlnetlabs | 1 Ldns | 2025-04-09 | 6.4 MEDIUM | N/A |
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
| CVE-2009-0635 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
| CVE-2009-0554 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
| CVE-2008-4685 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
| CVE-2009-3948 | 1 Cowonamerica | 1 Cowon Media Center-jetaudio | 2025-04-09 | 4.3 MEDIUM | N/A |
JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file.
| CVE-2009-0414 | 1 Tor | 1 Tor | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
| CVE-2007-5612 | 1 Ibm | 1 Director | 2025-04-09 | 7.8 HIGH | N/A |
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
| CVE-2009-2996 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
| CVE-2007-5001 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 4.9 MEDIUM | N/A |
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
| CVE-2008-1294 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
| CVE-2007-4618 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
| CVE-2007-2120 | 1 Oracle | 1 Application Server | 2025-04-09 | 7.8 HIGH | N/A |
The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.
| CVE-2008-2332 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
| CVE-2007-3851 | 2 Intel, Linux | 2 I915 Chipset, Linux Kernel | 2025-04-09 | 6.0 MEDIUM | N/A |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.