CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 264/331 • 39664 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2010-10-29
Critical

CVE-2010-4085

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability t…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-4084

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability t…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3654

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-2581

dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-10-28
High

CVE-2010-4029

Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of servic…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-4028

Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data,…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-3988

Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-3711

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer d…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
2010-10-27
Medium

CVE-2010-4098

monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command.

CVSS: 5.0 CWE: N/A View on NVD
2010-10-26
Critical

CVE-2010-3491

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service E…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2010-3653

The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie wi…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-10-25
Critical

CVE-2010-4070

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before…

CVSS: 10.0 CWE: CWE-189 View on NVD
Medium

CVE-2010-3717

The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2010-3710

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of s…

CVSS: 4.3 CWE: CWE-399 View on NVD
2010-10-23
Medium

CVE-2010-4057

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, whic…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2010-4056

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attacke…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-4055

Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 13…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-4054

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data st…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-10-21
Medium

CVE-2010-4050

Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-4049

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2010-4048

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2010-4042

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "sta…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2010-4038

The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspec…

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Critical

CVE-2010-4035

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ot…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2010-4034

Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2010-3183

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3179

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 a…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3176

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2010-3175

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corrup…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2010-3174

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memo…

CVSS: 9.3 CWE: N/A View on NVD
2010-10-19
Critical

CVE-2010-3562

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-3495

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2010-3494

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2010-3493

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediatel…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should han…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-5013

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2009-5011

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2009-5010

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TC…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2008-7264

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2007-6740

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of…

CVSS: 4.0 CWE: CWE-264 View on NVD
Medium

CVE-2007-6739

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2010-3747

An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during p…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-10-18
Medium

CVE-2010-3980

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and o…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daem…

CVSS: 5.0 CWE: N/A View on NVD
2010-10-14
Medium

CVE-2010-3564

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2010-2601

Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, a…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-3903

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-3071

bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a cra…

CVSS: 5.0 CWE: CWE-399 View on NVD
2010-10-13
High

CVE-2010-3229

The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client…

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
2010-10-12
Medium

CVE-2010-3701

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent messag…

CVSS: 4.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon out…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-2951

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion…

CVSS: 5.0 CWE: N/A View on NVD
2010-10-08
Medium

CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Ta…

CVSS: 4.9 CWE: CWE-399 View on NVD
2010-10-07
Medium

CVE-2010-3697

The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requ…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2010-3696

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2010-1322

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, w…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2010-10-06
Medium

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2010-3658

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-3657

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vuln…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-3656

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vuln…

CVSS: 4.3 CWE: N/A View on NVD
Critical

CVE-2010-3632

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3630

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code vi…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2010-3628

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3623

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3622

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3621

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3619

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-2890

Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vecto…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-10-05
Medium

CVE-2010-3762

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2010-3760

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory,…

CVSS: 7.8 CWE: CWE-399 View on NVD
Medium

CVE-2010-3756

The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate a…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2010-3755

The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2010-3308

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long c…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2010-3302

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1)…

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-3740

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users…

CVSS: 4.0 CWE: CWE-399 View on NVD
Low

CVE-2010-3737

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-d…

CVSS: 3.5 CWE: CWE-399 View on NVD
Medium

CVE-2010-3736

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap…

CVSS: 4.0 CWE: CWE-399 View on NVD
Low

CVE-2010-3735

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certai…

CVSS: 2.1 CWE: CWE-399 View on NVD
Low

CVE-2010-3732

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows fo…

CVSS: 3.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2010-2653

Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by c…

CVSS: 6.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2010-10-04
Medium

CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corrupti…

CVSS: 4.7 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2010-3437

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory…

CVSS: 6.6 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to…

CVSS: 8.8 CWE: CWE-704 - Incorrect Type Conversion or Cast View on NVD
Medium

CVE-2010-1623

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-09-30
Critical

CVE-2010-3434

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-3079

kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to ca…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2010-09-29
Low

CVE-2010-3310

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have u…

CVSS: 1.9 CWE: CWE-189 View on NVD
High

CVE-2010-3084

Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-2530

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via…

CVSS: 4.9 CWE: CWE-189 View on NVD
High

CVE-2010-2478

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspe…

CVSS: 7.2 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2010-09-28
Medium

CVE-2010-3087

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly exec…

CVSS: 5.1 CWE: CWE-189 View on NVD
2010-09-24
Medium

CVE-2010-3603

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of admin…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2010-3285

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2010-1825

Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related…

CVSS: 9.3 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2010-1824

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a…

CVSS: 9.3 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via ve…

CVSS: 9.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensi…

CVSS: 8.8 CWE: CWE-193 - Off-by-one Error View on NVD
High

CVE-2010-1772

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denia…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2010-09-23
Medium

CVE-2010-3281

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 5.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2010-2836

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly di…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2010-2835

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2834

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x befor…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2833

Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit t…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2832

Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit tra…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2831

Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traff…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2830

The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malfor…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2010-2829

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a de…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2010-2828

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a de…

CVSS: 7.8 CWE: N/A View on NVD
2010-09-21
Medium

CVE-2010-0781

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption)…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2010-3080

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly…

CVSS: 7.2 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2010-3067

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact…

CVSS: 4.9 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2010-09-20
Medium

CVE-2010-3476

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attacke…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2010-3200

MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Wo…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a…

CVSS: 5.0 CWE: N/A View on NVD
2010-09-16
Critical

CVE-2010-3416

Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-3415

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via u…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD