Vulnerabilities (CVE)

Filtered by CWE-399
Total 2552 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4813 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
CVE-2006-6304 1 Linux 1 Linux Kernel 2025-04-09 7.5 HIGH N/A
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
CVE-2008-4031 1 Microsoft 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more 2025-04-09 9.3 HIGH N/A
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability."
CVE-2007-6356 1 Aertherwide 1 Exiftags 2025-04-09 5.0 MEDIUM N/A
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
CVE-2007-6523 1 Opera 1 Opera Browser 2025-04-09 7.8 HIGH N/A
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
CVE-2007-4617 1 Bea 1 Weblogic Server 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
CVE-2008-4298 1 Lighttpd 1 Lighttpd 2025-04-09 5.0 MEDIUM N/A
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
CVE-2008-5079 1 Linux 1 Linux Kernel 2025-04-09 4.9 MEDIUM N/A
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
CVE-2008-5300 1 Linux 1 Linux Kernel 2025-04-09 4.9 MEDIUM N/A
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
CVE-2009-3797 1 Adobe 2 Adobe Air, Flash Player 2025-04-09 9.3 HIGH N/A
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
CVE-2009-0626 1 Cisco 1 Ios 2025-04-09 7.8 HIGH N/A
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
CVE-2007-5347 1 Microsoft 2 Ie, Internet Explorer 2025-04-09 6.8 MEDIUM N/A
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
CVE-2007-4660 1 Php 1 Php 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
CVE-2009-2542 1 Netscape 1 Navigator 2025-04-09 4.3 MEDIUM N/A
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2009-4448 1 Mybboard 1 Mybb 2025-04-09 5.0 MEDIUM N/A
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
CVE-2009-2473 1 Webdav 1 Neon 2025-04-09 4.3 MEDIUM N/A
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2009-2526 1 Microsoft 2 Windows Server 2008, Windows Vista 2025-04-09 7.8 HIGH N/A
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
CVE-2006-5619 1 Linux 1 Linux Kernel 2025-04-09 2.1 LOW N/A
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
CVE-2008-2734 1 Cisco 1 Adaptive Security Appliance 5500 2025-04-09 7.1 HIGH N/A
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.
CVE-2009-0635 1 Cisco 1 Ios 2025-04-09 7.1 HIGH N/A
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.