| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. |
| Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data." |
| Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. |
| Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." |
| JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file. |
| Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version. |
| MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. |
| ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. |
| ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
| VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. |
| Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. |
| Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. |
| The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. |
| Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests. |
| osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled. |
| slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. |
| XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification. |
| Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response. |
