| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. |
| Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. |
| The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. |
| LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption. |
| File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. |
| Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. |
| The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. |
| The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01. |
| PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. |
| The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. |
| Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. |
| KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values. |
| Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption. |
| Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors. |
| The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. |
| The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. |
| Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. |
| Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests. |
