Vulnerabilities (CVE)

Filtered by CWE-399
Total 2552 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2839 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.8 MEDIUM N/A
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2009-3466 1 Adobe 1 Shockwave Player 2025-04-09 9.3 HIGH N/A
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2008-3410 1 Epic Games 1 Unreal Tournament 3 2025-04-09 5.0 MEDIUM N/A
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
CVE-2008-4844 1 Microsoft 1 Internet Explorer 2025-04-09 9.3 HIGH N/A
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
CVE-2007-5962 3 Foresight Linux, Redhat, Rpath 4 Appliances, Enterprise Linux, Fedora and 1 more 2025-04-09 7.1 HIGH N/A
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
CVE-2008-2752 1 Microsoft 1 Word 2025-04-09 7.1 HIGH N/A
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
CVE-2009-3615 2 Adium, Pidgin 2 Adium, Pidgin 2025-04-09 5.0 MEDIUM N/A
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
CVE-2008-5429 1 Incredimail 1 Incredimail 2025-04-09 4.3 MEDIUM N/A
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
CVE-2008-6000 1 Gdata 3 Antivirus 2008, Internetsecurity 2008, Totalcare 2008 2025-04-09 7.2 HIGH N/A
The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.
CVE-2007-1211 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 7.1 HIGH N/A
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
CVE-2007-6698 1 Openldap 1 Openldap 2025-04-09 4.0 MEDIUM N/A
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
CVE-2008-5006 1 University Of Washington 1 Imap Toolkit 2025-04-09 5.0 MEDIUM N/A
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
CVE-2009-3388 1 Mozilla 2 Firefox, Seamonkey 2025-04-09 9.3 HIGH N/A
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
CVE-2008-6218 1 Libpng 1 Libpng 2025-04-09 7.1 HIGH N/A
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
CVE-2009-1163 1 Cisco 1 Physical Access Gateway 2025-04-09 7.8 HIGH N/A
Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.
CVE-2007-3106 2 Libvorbis, Rpath 2 Libvorbis, Rpath Linux 2025-04-09 6.8 MEDIUM N/A
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
CVE-2008-1996 1 Licq 1 Licq 2025-04-09 5.0 MEDIUM N/A
licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.
CVE-2009-0553 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2025-04-09 9.3 HIGH N/A
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2007-3893 1 Microsoft 1 Internet Explorer 2025-04-09 6.8 MEDIUM N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
CVE-2009-0922 1 Postgresql 1 Postgresql 2025-04-09 4.0 MEDIUM N/A
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.