Search Results (2918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1847 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2010-0659 2 Apple, Google 2 Webkit, Chrome 2025-04-11 N/A
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
CVE-2012-3747 1 Apple 1 Iphone Os 2025-04-11 N/A
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2012-3726 1 Apple 1 Iphone Os 2025-04-11 N/A
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-2011-2975 2 Osgeo, Umn 2 Mapserver, Mapserver 2025-04-11 N/A
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
CVE-2010-0406 1 Openttd 1 Openttd 2025-04-11 N/A
OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.
CVE-2013-0233 3 Opensuse, Plataformatec, Ruby-lang 3 Opensuse, Devise, Ruby 2025-04-11 N/A
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
CVE-2013-0994 2 Apple, Microsoft 4 Itunes, Windows 7, Windows Vista and 1 more 2025-04-11 N/A
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1681 2 Mozilla, Redhat 5 Firefox, Thunderbird, Thunderbird Esr and 2 more 2025-04-11 N/A
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2009-5111 1 Goahead 1 Goahead Webserver 2025-04-11 N/A
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-0841 3 Apple, Redhat, Xmlsoft 3 Iphone Os, Enterprise Linux, Libxml2 2025-04-11 N/A
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
CVE-2011-2952 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
CVE-2011-2955 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
CVE-2011-4073 2 Redhat, Xelerance 2 Enterprise Linux, Openswan 2025-04-11 N/A
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
CVE-2009-5110 1 Dhttpd 1 Dhttpd 2025-04-11 N/A
dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2010-0160 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-11 N/A
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2012-3079 1 Cisco 1 Ios 2025-04-11 N/A
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.
CVE-2011-3934 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
CVE-2011-0355 2 Cisco, Vmware 3 1000v Virtual Ethernet Module \(vem\), Esx, Esxi 2025-04-11 N/A
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.
CVE-2010-2225 1 Php 1 Php 2025-04-11 N/A
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.