Critical
CVE-2010-3414
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…
Tag: Denial of Service (DoS)
All CVEs associated with "Denial of Service (DoS)". Page 265/331 • 39664 CVEs.
Subscribe CVEs: RSS for “Denial of Service (DoS)” · RSS (High+Critical only)
About “Denial of Service (DoS)”
A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2010-09-16
Medium
CVE-2010-3413
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
Medium
CVE-2010-3411
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
2010-09-15
Medium
CVE-2010-1899
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage)…
High
CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
Critical
CVE-2010-2884
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader…
Medium
CVE-2010-2580
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in…
2010-09-14
Medium
CVE-2010-0153
Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 all…
2010-09-13
High
CVE-2010-3008
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain…
2010-09-10
High
CVE-2010-3006
Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors.
Medium
CVE-2010-2949
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS…
Medium
CVE-2010-2948
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or…
Critical
CVE-2010-1807
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute…
Critical
CVE-2010-1806
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in stylin…
Medium
CVE-2010-2841
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote au…
High
CVE-2010-0574
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and…
2010-09-09
High
CVE-2010-3007
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges…
High
CVE-2010-2883
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a deni…
Medium
CVE-2010-1817
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF fi…
Medium
CVE-2010-1815
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…
Medium
CVE-2010-1814
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat…
Medium
CVE-2010-1813
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involv…
Medium
CVE-2010-1812
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service…
Medium
CVE-2010-1811
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIF…
Medium
CVE-2010-1781
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors…
Critical
CVE-2010-3169
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow r…
Critical
CVE-2010-3168
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering X…
Critical
CVE-2010-2770
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memo…
Critical
CVE-2010-2767
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle dest…
2010-09-08
Medium
CVE-2010-3198
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
High
CVE-2010-2960
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a deni…
High
CVE-2010-2959
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.…
High
CVE-2010-2798
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local user…
Critical
CVE-2010-2495
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows…
High
CVE-2010-2492
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of s…
Medium
CVE-2009-4895
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or p…
2010-09-07
Critical
CVE-2010-3257
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute ar…
Critical
CVE-2010-3255
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspec…
Critical
CVE-2010-3254
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other…
Critical
CVE-2010-3253
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unkno…
Critical
CVE-2010-3252
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vect…
Medium
CVE-2010-3251
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
Critical
CVE-2010-3249
Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, rela…
High
CVE-2010-2739
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cau…
Critical
CVE-2010-2521
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibl…
High
CVE-2010-2248
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh va…
2010-09-03
Medium
CVE-2010-2954
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a d…
2010-08-31
Low
CVE-2010-3196
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
Medium
CVE-2010-3195
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special grou…
2010-08-30
High
CVE-2010-3035
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a cr…
Medium
CVE-2010-2575
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remot…
2010-08-26
Critical
CVE-2010-2882
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2881
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2880
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2879
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or exec…
Critical
CVE-2010-2878
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of servi…
Critical
CVE-2010-2877
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute a…
Critical
CVE-2010-2876
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remot…
Critical
CVE-2010-2875
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated w…
Critical
CVE-2010-2873
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of…
Critical
CVE-2010-2872
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corr…
Critical
CVE-2010-2871
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2870
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of servi…
Critical
CVE-2010-2869
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2868
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary…
Critical
CVE-2010-2867
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a de…
Critical
CVE-2010-2866
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a coun…
Medium
CVE-2010-2865
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.
Critical
CVE-2010-2864
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via…
Critical
CVE-2010-2863
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
High
CVE-2010-2840
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which…
High
CVE-2010-2839
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message,…
High
CVE-2010-2838
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote atta…
High
CVE-2010-2837
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5),…
Critical
CVE-2009-3743
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory…
2010-08-25
Critical
CVE-2010-2936
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbi…
Critical
CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to c…
Medium
CVE-2010-1808
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a c…
Medium
CVE-2010-1801
Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF fil…
2010-08-24
Critical
CVE-2010-3120
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other…
Critical
CVE-2010-3119
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspeci…
Critical
CVE-2010-3117
Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified ot…
Critical
CVE-2010-3116
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to…
Critical
CVE-2010-3113
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have u…
Critical
CVE-2010-3112
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknow…
Critical
CVE-2010-2947
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string tha…
Medium
CVE-2010-2811
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of ser…
Medium
CVE-2010-2784
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 a…
Medium
CVE-2010-0435
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL po…
Medium
CVE-2010-0431
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users…
Medium
CVE-2010-0429
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-mana…
Medium
CVE-2010-0428
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which all…
2010-08-23
High
CVE-2010-3107
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a d…
Critical
CVE-2010-3106
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cau…
2010-08-20
Medium
CVE-2010-3064
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possib…
Medium
CVE-2010-3061
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a…
Medium
CVE-2010-3060
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial…
High
CVE-2010-3058
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and exec…
Medium
CVE-2010-3015
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operatio…
Medium
CVE-2010-2937
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denia…
Medium
CVE-2010-2810
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (applicat…
Low
CVE-2010-1172
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying propertie…
Low
CVE-2008-7258
The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins wit…
2010-08-19
Medium
CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (a…
Medium
CVE-2010-3053
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static…
Medium
CVE-2010-2813
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by makin…
Medium
CVE-2010-2808
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or poss…
Medium
CVE-2010-2807
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…
Medium
CVE-2010-2806
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…
Medium
CVE-2010-2805
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (applicati…
Medium
CVE-2010-2541
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra…
Medium
CVE-2010-2527
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Medium
CVE-2010-2520
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (ap…
Medium
CVE-2010-2519
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execut…
Medium
CVE-2010-2500
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary c…
Medium
CVE-2010-2499
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…
Medium
CVE-2010-2498
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap me…
Medium
CVE-2010-2497
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Critical
CVE-2010-2076
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not…
2010-08-17
Medium
CVE-2010-2934
Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls."