| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
| The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. |
| query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. |
| The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. |
| Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value. |
| The configuration utility in MatrikonOPC Security Gateway 1.0 allows remote attackers to cause a denial of service (unhandled exception and application crash) via a TCP RST packet. |
| The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201. |
| Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. |
| Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. |
| Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." |
| Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. |
| The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability." |
| chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. |
| lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. |
