CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 258/331 • 39664 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2011-05-13
Critical

CVE-2011-0621

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corrup…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-0620

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corrup…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-0619

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corrup…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server han…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-1248

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-0761

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) r…

CVSS: 5.0 CWE: N/A View on NVD
2011-05-10
High

CVE-2011-2074

Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a cr…

CVSS: 8.5 CWE: N/A View on NVD
Medium

CVE-2011-1824

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an i…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2011-0905

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encodin…

CVSS: 3.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2011-0904

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding…

CVSS: 3.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-05-09
Medium

CVE-2011-1907

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG qu…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2011-1748

The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer…

CVSS: 4.9 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2011-1598

The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer…

CVSS: 4.9 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2011-2022

The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or ca…

CVSS: 6.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1747

The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a d…

CVSS: 4.7 CWE: CWE-399 View on NVD
Medium

CVE-2011-1746

Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffe…

CVSS: 6.9 CWE: CWE-189 View on NVD
Medium

CVE-2011-1745

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system…

CVSS: 6.9 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-1547

Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corr…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2011-1323

Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allo…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1090

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users t…

CVSS: 4.9 CWE: CWE-399 View on NVD
High

CVE-2011-1013

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm…

CVSS: 7.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
2011-05-07
Critical

CVE-2011-0081

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0080

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attacker…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0079

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0078

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0074

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0072

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0070

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2011-0069

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote…

CVSS: 10.0 CWE: N/A View on NVD
2011-05-05
High

CVE-2011-1208

IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an…

CVSS: 7.8 CWE: N/A View on NVD
2011-05-04
Medium

CVE-2011-0714

Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause…

CVSS: 5.7 CWE: CWE-399 View on NVD
2011-05-03
Medium

CVE-2011-1786

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products,…

CVSS: 5.0 CWE: CWE-399 View on NVD
High

CVE-2011-1785

VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2011-1613

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of servic…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2011-1606

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote a…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2011-1605

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2011-1604

Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers…

CVSS: 7.1 CWE: CWE-399 View on NVD
Medium

CVE-2011-1456

Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1455

Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-1454

Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2011-1451

Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that le…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1450

Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1449

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via un…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-1448

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vector…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1447

Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors tha…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1445

Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via u…

CVSS: 6.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2011-1443

Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that le…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1442

Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1441

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or po…

CVSS: 6.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2011-1440

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2011-1437

Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-1436

Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1434

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via u…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1305

Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked l…

CVSS: 6.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2011-1303

Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors th…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1684

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (ap…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-1593

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or…

CVSS: 4.9 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2010-4665

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified…

CVSS: 4.3 CWE: CWE-189 View on NVD
High

CVE-2011-1845

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2011-1844

Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom Dependenc…

CVSS: 7.8 CWE: CWE-399 View on NVD
Medium

CVE-2011-1577

Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or poss…

CVSS: 4.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2011-1495

drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1494

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of servi…

CVSS: 6.9 CWE: CWE-189 View on NVD
High

CVE-2011-1169

Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of servic…

CVSS: 7.2 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2011-1087

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-0610

The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-04-29
Medium

CVE-2011-1592

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2011-1590

The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (applic…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2011-1535

Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via un…

CVSS: 6.0 CWE: N/A View on NVD
2011-04-27
Medium

CVE-2011-1507

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number…

CVSS: 5.0 CWE: CWE-399 View on NVD
2011-04-21
Medium

CVE-2011-1821

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-4789

Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-4788

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial o…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2010-4787

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers impro…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-4786

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demons…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-4785

The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2009-5073

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested g…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2009-5072

Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memo…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2008-7290

Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consump…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2008-7289

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2008-7288

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operati…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2008-7287

Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cau…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2007-6743

Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that tri…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2007-6742

The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to c…

CVSS: 6.8 CWE: CWE-399 View on NVD
2011-04-18
Medium

CVE-2011-1179

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related t…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-1171

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum oper…

CVSS: 5.5 CWE: CWE-264 View on NVD
2011-04-15
Medium

CVE-2011-1691

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 an…

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2011-0896

Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2011-0285

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2011-04-13
Medium

CVE-2011-0992

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information…

CVSS: 5.8 CWE: CWE-399 View on NVD
Medium

CVE-2011-0991

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

CVSS: 6.8 CWE: CWE-399 View on NVD
Medium

CVE-2011-0990

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a bu…

CVSS: 5.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2011-0989

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attacke…

CVSS: 5.8 CWE: CWE-264 View on NVD
Critical

CVE-2011-0656

Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 200…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2011-0655

Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; P…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2011-0104

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory c…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-0103

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory c…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2011-0101

Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe R…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2011-04-11
Medium

CVE-2011-1156

feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.

CVSS: 5.0 CWE: CWE-399 View on NVD
2011-04-08
Medium

CVE-2011-1659

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 stri…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2011-1071

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a lo…

CVSS: 5.1 CWE: CWE-399 View on NVD
2011-04-05
Critical

CVE-2011-1568

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) al…

CVSS: 10.0 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Critical

CVE-2011-1567

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-04-04
Medium

CVE-2011-1083

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption)…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2011-1082

fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2011-0891

Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors.

CVSS: 4.4 CWE: N/A View on NVD
2011-03-31
Medium

CVE-2011-1554

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document con…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2011-1553

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2011-1552

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash)…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2011-1175

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-1174

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a…

CVSS: 5.0 CWE: CWE-399 View on NVD
2011-03-30
Low

CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash…

CVSS: 1.9 CWE: CWE-399 View on NVD
Medium

CVE-2011-1097

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or po…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-03-29
Medium

CVE-2010-1675

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-1674

The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communiti…

CVSS: 5.0 CWE: N/A View on NVD
2011-03-28
Critical

CVE-2011-0024

Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted captur…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD