Critical
CVE-2010-1400
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus…
Tag: Denial of Service (DoS)
All CVEs associated with "Denial of Service (DoS)". Page 268/331 • 39664 CVEs.
Subscribe CVEs: RSS for “Denial of Service (DoS)” · RSS (High+Critical only)
About “Denial of Service (DoS)”
A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39664 CVEs for this tag (all time). In the last 365 days, 3231 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2010-06-11
Critical
CVE-2010-1399
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which al…
Critical
CVE-2010-1398
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execu…
Critical
CVE-2010-1397
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus…
Critical
CVE-2010-1396
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus…
Critical
CVE-2010-1392
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus…
Critical
CVE-2010-1385
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial…
2010-06-10
Medium
CVE-2010-2262
Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.
High
CVE-2010-1570
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote…
2010-06-08
Medium
CVE-2010-1264
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeate…
High
CVE-2010-1297
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote…
Medium
CVE-2010-2159
Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedur…
Medium
CVE-2010-1849
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a la…
2010-06-07
Medium
CVE-2010-2156
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
Medium
CVE-2010-2024
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possi…
Medium
CVE-2010-2023
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial o…
2010-06-03
Medium
CVE-2010-1643
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of servi…
Low
CVE-2008-7256
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows atta…
2010-06-01
Medium
CVE-2010-2121
Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp…
Medium
CVE-2010-2120
Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// U…
Medium
CVE-2010-2119
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for…
Medium
CVE-2010-2118
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates I…
Medium
CVE-2010-2117
Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for i…
High
CVE-2010-0296
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint na…
Medium
CVE-2009-4881
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a…
Medium
CVE-2009-4880
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumptio…
2010-05-28
Medium
CVE-2010-2115
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
High
CVE-2010-2109
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors re…
Critical
CVE-2010-2107
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Bro…
Critical
CVE-2010-1938
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to c…
High
CVE-2010-1919
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.
2010-05-27
Medium
CVE-2010-2093
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream c…
Medium
CVE-2010-2090
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attack…
Medium
CVE-2010-2089
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memor…
Medium
CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment,…
Critical
CVE-2010-0597
Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4…
Medium
CVE-2009-4134
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that trig…
2010-05-26
Medium
CVE-2010-1640
Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds rea…
Medium
CVE-2010-1639
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated st…
Medium
CVE-2009-4875
FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.
Critical
CVE-2009-4873
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Ses…
2010-05-24
Critical
CVE-2010-2028
Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode.
Medium
CVE-2006-7239
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a…
2010-05-21
Medium
CVE-2010-0539
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary c…
Medium
CVE-2010-0538
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause…
Medium
CVE-2010-1436
gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (k…
2010-05-20
Medium
CVE-2010-1993
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document w…
Medium
CVE-2010-1992
Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessiv…
Medium
CVE-2010-1991
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attacker…
Medium
CVE-2010-1990
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attacke…
Medium
CVE-2010-1989
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessiv…
Critical
CVE-2010-1988
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code th…
Medium
CVE-2010-1987
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long stri…
Medium
CVE-2010-1986
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing ele…
Medium
CVE-2010-0745
Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
2010-05-19
Medium
CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not pr…
High
CVE-2010-1943
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Clie…
High
CVE-2010-1941
Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and e…
2010-05-17
Medium
CVE-2010-0776
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to respo…
Medium
CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory cons…
2010-05-14
High
CVE-2010-1567
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
High
CVE-2010-1565
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of ser…
High
CVE-2010-1563
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal…
High
CVE-2010-1562
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal…
High
CVE-2010-1561
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a l…
High
CVE-2010-0604
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP…
High
CVE-2010-0603
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug I…
High
CVE-2010-0602
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk3260…
High
CVE-2010-0601
The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl391…
Medium
CVE-2010-1624
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and appl…
Medium
CVE-2010-1510
Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compre…
Medium
CVE-2010-1509
IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possi…
Critical
CVE-2009-3678
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-depen…
2010-05-13
Critical
CVE-2010-1291
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1290
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1289
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1287
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1286
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1284
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than C…
Critical
CVE-2010-1292
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remo…
High
CVE-2010-1283
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap me…
Medium
CVE-2010-1282
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
High
CVE-2010-1281
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary co…
High
CVE-2010-1280
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an e…
High
CVE-2010-0986
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via…
High
CVE-2010-0129
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (a…
Critical
CVE-2010-0128
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or pos…
High
CVE-2010-0127
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave fi…
2010-05-12
Medium
CVE-2010-1917
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch…
Medium
CVE-2010-1455
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
Low
CVE-2010-0730
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vecto…
2010-05-11
Medium
CVE-2009-4867
Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file.
2010-05-07
Critical
CVE-2010-1866
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corrupt…
Medium
CVE-2010-1853
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute a…
High
CVE-2010-1437
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system…
High
CVE-2010-1173
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via…
Medium
CVE-2009-4847
Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list.
Medium
CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrar…
Medium
CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory…
Medium
CVE-2010-0829
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI…
Medium
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual fo…
2010-05-06
Medium
CVE-2010-1731
Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
Medium
CVE-2010-1730
Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
Medium
CVE-2010-1729
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an in…
Critical
CVE-2010-1728
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a de…
Medium
CVE-2010-1438
Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by…
Medium
CVE-2010-1735
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second ar…
Medium
CVE-2010-1734
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argu…
Medium
CVE-2009-4835
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of se…
2010-05-05
Medium
CVE-2010-0406
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
Medium
CVE-2010-0402
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code v…
Medium
CVE-2010-0401
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or…
2010-05-04
Medium
CVE-2010-1687
Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOT…
High
CVE-2010-0101
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause…
2010-05-03
High
CVE-2010-1665
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown…
Medium
CVE-2010-1664
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via u…
2010-04-29
High
CVE-2010-1166
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or po…
Medium
CVE-2010-1612
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGI…
2010-04-28
Medium
CVE-2010-1592
sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service (system crash) via unspec…
2010-04-27
Medium
CVE-2010-1560
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.