Total
2695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0219 | 1 Research In Motion Limited | 3 Blackberry Enterprise Server, Blackberry Professional Software, Blackberry Unite | 2025-04-09 | 9.3 HIGH | N/A |
|
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
|
|||||
| CVE-2007-2276 | 1 3com | 1 Tippingpoint Ips | 2025-04-09 | 7.8 HIGH | N/A |
|
3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging.
|
|||||
| CVE-2008-1777 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.
|
|||||
| CVE-2006-5568 | 1 Datawizard | 1 Ftpxq | 2025-04-09 | 5.0 MEDIUM | N/A |
|
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command.
|
|||||
| CVE-2009-2668 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.
|
|||||
| CVE-2009-3671 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | 8.1 HIGH |
|
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
|
|||||
| CVE-2006-6601 | 2 Microsoft, Windows | 2 Windows Xp, Media Player | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0.
|
|||||
| CVE-2009-1139 | 1 Microsoft | 4 Adam, Windows 2000, Windows Server 2003 and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
|
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
|
|||||
| CVE-2008-4841 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Xp and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
|
|||||
| CVE-2008-0121 | 1 Microsoft | 1 Office Powerpoint Viewer | 2025-04-09 | 9.3 HIGH | N/A |
|
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
|
|||||
| CVE-2008-4558 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
|
|||||
| CVE-2008-2323 | 1 Apple | 2 Data Detectors Engine, Mac Os X | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
|
|||||
| CVE-2008-5185 | 1 Geshi | 1 Geshi | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
|
|||||
| CVE-2009-2803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
|
|||||
| CVE-2009-3676 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-09 | 7.1 HIGH | N/A |
|
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
|
|||||
| CVE-2009-0771 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 10.0 HIGH | N/A |
|
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
|
|||||
| CVE-2009-1492 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
|
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
|
|||||
| CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
|
|||||
| CVE-2007-2039 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-09 | 6.1 MEDIUM | N/A |
|
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.
|
|||||
| CVE-2008-7094 | 1 Unica | 1 Affinium Campaign | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure.
|
|||||
| CVE-2009-1928 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
|
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
|
|||||
| CVE-2008-3443 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
|
|||||
| CVE-2008-2435 | 1 Trend Micro | 1 Housecall | 2025-04-09 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.
|
|||||
| CVE-2008-4678 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.8 HIGH | N/A |
|
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."
|
|||||
| CVE-2008-2375 | 1 Redhat | 2 Enterprise Linux, Vsftpd | 2025-04-09 | 7.1 HIGH | N/A |
|
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
|
|||||
| CVE-2008-5661 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.4 MEDIUM | N/A |
|
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
|
|||||
| CVE-2009-0691 | 1 Foxitsoftware | 2 Foxit Reader, Jpeg2000 Jbig2 Decoder Add-on | 2025-04-09 | 9.3 HIGH | N/A |
|
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.
|
|||||
| CVE-2008-4681 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
|
|||||
| CVE-2008-3621 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
|
|||||
| CVE-2008-4382 | 1 Kde | 1 Konqueror | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
|
|||||
| CVE-2007-6422 | 1 Apache | 1 Http Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
|
|||||
| CVE-2009-1758 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
|
|||||
| CVE-2009-1302 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAnc ...
Show More |
|||||
| CVE-2006-1305 | 1 Microsoft | 2 Office, Outlook | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
|
|||||
| CVE-2009-3604 | 5 Foolabs, Glyphandcog, Gnome and 2 more | 5 Xpdf, Xpdfreader, Gpdf and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
|
|||||
| CVE-2009-0758 | 1 Avahi | 1 Avahi-daemon | 2025-04-09 | 7.8 HIGH | N/A |
|
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
|
|||||
| CVE-2009-4308 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.1 HIGH | N/A |
|
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
|
|||||
| CVE-2008-0007 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
|
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
|
|||||
| CVE-2009-2187 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.
|
|||||
| CVE-2008-5314 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
|
|||||