Total
2548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0176 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | |||||
| CVE-2014-1916 | 1 Light Speed Gaming | 2 Mumble, Mumblekit | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet. | |||||
| CVE-2011-0132 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2025-04-11 | 7.6 HIGH | N/A |
| Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2013-4075 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2025-04-11 | 5.0 MEDIUM | N/A |
| epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2010-2534 | 1 Openttd | 1 Openttd | 2025-04-11 | 5.0 MEDIUM | N/A |
| The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. | |||||
| CVE-2012-2823 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. | |||||
| CVE-2012-5573 | 1 Torproject | 1 Tor | 2025-04-11 | 5.0 MEDIUM | N/A |
| The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command. | |||||
| CVE-2011-0991 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. | |||||
| CVE-2010-0160 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
| The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-0024 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." | |||||
| CVE-2013-2231 | 2 Microsoft, Redhat | 5 Windows, Enterprise Linux, Enterprise Linux Desktop Supplementary and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder. | |||||
| CVE-2013-6658 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function. | |||||
| CVE-2012-3970 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. | |||||
| CVE-2013-0316 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | |||||
| CVE-2013-0919 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window. | |||||
| CVE-2008-7265 | 1 Proftpd | 1 Proftpd | 2025-04-11 | 4.0 MEDIUM | N/A |
| The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | |||||
| CVE-2009-5040 | 1 Cisco | 1 Ios | 2025-04-11 | 6.8 MEDIUM | N/A |
| CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | |||||
| CVE-2011-3089 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. | |||||
| CVE-2011-4326 | 2 Avaya, Linux | 3 96x1 Ip Deskphone, 96x1 Ip Deskphone Firmware, Linux Kernel | 2025-04-11 | 7.1 HIGH | N/A |
| The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device. | |||||
| CVE-2012-2192 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 4.9 MEDIUM | N/A |
| The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | |||||