Total
2548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4409 | 1 Xmlsoft | 1 Libxml2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | |||||
| CVE-2007-3477 | 1 Libgd | 1 Gd Graphics Library | 2025-04-09 | 5.0 MEDIUM | N/A |
| The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. | |||||
| CVE-2008-3020 | 1 Microsoft | 3 Office, Office Converter Pack, Works | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | |||||
| CVE-2008-3215 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. | |||||
| CVE-2009-1958 | 1 Strongswan | 1 Strongswan | 2025-04-09 | 5.0 MEDIUM | N/A |
| charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector. | |||||
| CVE-2008-1236 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | |||||
| CVE-2007-2415 | 1 Pi3web | 1 Pi3web Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally." | |||||
| CVE-2008-4685 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | |||||
| CVE-2009-3726 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. | |||||
| CVE-2007-6279 | 1 Flac | 1 Libflac | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. | |||||
| CVE-2008-3632 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. | |||||
| CVE-2008-1151 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
| Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. | |||||
| CVE-2007-5330 | 1 Broadcom | 2 Brightstor Arcserve Backup, Brightstor Enterprise Backup | 2025-04-09 | 10.0 HIGH | N/A |
| The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers. | |||||
| CVE-2008-4298 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 5.0 MEDIUM | N/A |
| Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | |||||
| CVE-2008-5679 | 1 Opera | 1 Opera | 2025-04-09 | 9.3 HIGH | N/A |
| The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | |||||
| CVE-2008-2435 | 1 Trend Micro | 1 Housecall | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. | |||||
| CVE-2009-2538 | 1 Nokia | 4 N810 Internet Tablet, N82, N95 and 1 more | 2025-04-09 | 7.1 HIGH | N/A |
| The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2007-4346 | 1 Symantec | 1 Backupexec System Recovery | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp. | |||||
| CVE-2009-2108 | 1 Git | 1 Git | 2025-04-09 | 5.0 MEDIUM | N/A |
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. | |||||
| CVE-2007-1593 | 1 Symantec | 1 Veritas Volume Replicator | 2025-04-09 | 5.0 MEDIUM | N/A |
| The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer. | |||||