Search Results (2919 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1889 1 Microsoft 2 Windows Server 2008, Windows Vista 2025-04-11 7.8 High
Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
CVE-2010-1917 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.
CVE-2010-4707 2 Linux-pam, Redhat 2 Linux-pam, Enterprise Linux 2025-04-11 N/A
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
CVE-2010-1939 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
CVE-2010-4754 4 Apple, Freebsd, Netbsd and 1 more 4 Mac Os X, Freebsd, Netbsd and 1 more 2025-04-11 N/A
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
CVE-2011-2373 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
CVE-2011-1878 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
CVE-2011-1879 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
CVE-2011-1883 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
CVE-2011-0667 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2011-0670 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2011-0671 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 8.4 High
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2011-1922 1 Nlnetlabs 1 Unbound 2025-04-11 N/A
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVE-2011-1957 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
CVE-2009-5013 1 G.rodola 1 Pyftpdlib 2025-04-11 N/A
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.
CVE-2009-5024 1 Viewvc 1 Viewvc 2025-04-11 N/A
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
CVE-2009-5034 1 Ibm 1 Lotus Notes Traveler 2025-04-11 N/A
IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data.
CVE-2009-5037 1 Cisco 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 2025-04-11 N/A
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.
CVE-2009-5040 1 Cisco 1 Ios 2025-04-11 N/A
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
CVE-2009-5062 1 Ibm 3 Aix, Lotus Domino, Lotus Quickr 2025-04-11 N/A
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.