Total: 2546 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0097 | 1 Microsoft | 1 Visio | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | |||||
CVE-2008-4409 | 1 Xmlsoft | 1 Libxml2 | 2024-02-28 | 5.0 MEDIUM | N/A |
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. | |||||
CVE-2008-1742 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 7.8 HIGH | N/A |
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. | |||||
CVE-2009-1141 | 1 Microsoft | 3 Internet Explorer, Windows Server 2003, Windows Xp | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | |||||
CVE-2009-1183 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | |||||
CVE-2008-5426 | 1 Kaspersky Lab | 1 Kaspersky Internet Security Suite | 2024-02-28 | 4.3 MEDIUM | N/A |
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
CVE-2008-3215 | 1 Clam Anti-virus | 1 Clamav | 2024-02-28 | 5.0 MEDIUM | N/A |
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. | |||||
CVE-2009-3466 | 1 Adobe | 1 Shockwave Player | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4228 | 1 Xfig | 1 Xfig | 2024-02-28 | 4.3 MEDIUM | N/A |
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c. | |||||
CVE-2009-2526 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-02-28 | 7.8 HIGH | N/A |
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability." | |||||
CVE-2009-0798 | 1 Tim Hockin | 1 Acpid | 2024-02-28 | 5.0 MEDIUM | N/A |
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. | |||||
CVE-2009-0259 | 1 Openoffice | 1 Openoffice.org | 2024-02-28 | 9.3 HIGH | N/A |
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. | |||||
CVE-2009-3371 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | |||||
CVE-2008-3613 | 1 Apple | 2 Mac Os X, Macbook Air | 2024-02-28 | 6.1 MEDIUM | N/A |
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | |||||
CVE-2009-0774 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | |||||
CVE-2009-3460 | 1 Adobe | 1 Acrobat | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2008-2244 | 1 Microsoft | 1 Office Word | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | |||||
CVE-2009-2844 | 1 Linux | 2 Kernel, Linux Kernel | 2024-02-28 | 7.8 HIGH | N/A |
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. | |||||
CVE-2009-0095 | 1 Microsoft | 1 Visio | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." | |||||
CVE-2009-1196 | 1 Apple | 1 Cups | 2024-02-28 | 5.0 MEDIUM | N/A |
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." | |||||