Total
2696 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4546 | 1 Adobe | 1 Flash Player | 2018-10-11 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. | |||||
| CVE-2008-4382 | 1 Kde | 1 Konqueror | 2018-10-11 | 5.0 MEDIUM | N/A |
| Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | |||||
| CVE-2008-4381 | 1 Microsoft | 1 Internet Explorer | 2018-10-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | |||||
| CVE-2008-4324 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. | |||||
| CVE-2008-4298 | 1 Lighttpd | 1 Lighttpd | 2018-10-11 | 5.0 MEDIUM | N/A |
| Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | |||||
| CVE-2008-3656 | 1 Ruby-lang | 1 Ruby | 2018-10-11 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. | |||||
| CVE-2008-3641 | 1 Apple | 1 Cups | 2018-10-11 | 10.0 HIGH | N/A |
| The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | |||||
| CVE-2008-3627 | 1 Apple | 1 Quicktime | 2018-10-11 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. | |||||
| CVE-2008-3410 | 1 Epic Games | 1 Unreal Tournament 3 | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. | |||||
| CVE-2008-3290 | 1 Emc Dantz | 1 Retrospect Backup Client | 2018-10-11 | 5.0 MEDIUM | N/A |
| retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version. | |||||
| CVE-2008-3263 | 1 Asterisk | 1 Asterisk | 2018-10-11 | 7.8 HIGH | N/A |
| The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. | |||||
| CVE-2008-2811 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 10.0 HIGH | N/A |
| The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. | |||||
| CVE-2008-2799 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. | |||||
| CVE-2008-2798 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | |||||
| CVE-2008-2441 | 1 Cisco | 2 Secure Access Control Server, Secure Acs | 2018-10-11 | 7.5 HIGH | N/A |
| Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. | |||||
| CVE-2008-2435 | 1 Trend Micro | 1 Housecall | 2018-10-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. | |||||
| CVE-2008-2014 | 1 Mozilla | 1 Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||||
| CVE-2008-2005 | 1 Wonderware | 2 Intouch, Suitelink | 2018-10-11 | 5.0 MEDIUM | N/A |
| The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. | |||||
| CVE-2008-2000 | 1 Apple | 1 Safari | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||||
| CVE-2008-1927 | 1 Perl | 1 Perl | 2018-10-11 | 5.0 MEDIUM | N/A |
| Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. | |||||