Total
2696 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3797 | 1 Adobe | 2 Adobe Air, Flash Player | 2017-09-19 | 9.3 HIGH | N/A |
| Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2009-3615 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. | |||||
| CVE-2009-3466 | 1 Adobe | 1 Shockwave Player | 2017-09-19 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3388 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | |||||
| CVE-2009-3371 | 1 Mozilla | 1 Firefox | 2017-09-19 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | |||||
| CVE-2009-3272 | 1 Apple | 1 Safari | 2017-09-19 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | |||||
| CVE-2009-2972 | 1 Sun | 1 Solaris | 2017-09-19 | 7.8 HIGH | N/A |
| in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb." | |||||
| CVE-2009-2958 | 1 Thekelleys | 1 Dnsmasq | 2017-09-19 | 4.3 MEDIUM | N/A |
| The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | |||||
| CVE-2009-2694 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2017-09-19 | 10.0 HIGH | N/A |
| The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. | |||||
| CVE-2009-2664 | 1 Mozilla | 1 Firefox | 2017-09-19 | 5.0 MEDIUM | N/A |
| The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | |||||
| CVE-2009-2487 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-19 | 7.8 HIGH | N/A |
| Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2009-2473 | 1 Webdav | 1 Neon | 2017-09-19 | 4.3 MEDIUM | N/A |
| neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2009-2469 | 1 Mozilla | 1 Firefox | 2017-09-19 | 10.0 HIGH | N/A |
| Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | |||||
| CVE-2015-6394 | 1 Cisco | 1 Nx-os | 2017-09-14 | 4.9 MEDIUM | N/A |
| The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | |||||
| CVE-2015-6391 | 1 Cisco | 1 Unified Sip Phone 3900 Firmware | 2017-09-14 | 7.8 HIGH | N/A |
| Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. | |||||
| CVE-2015-6386 | 1 Cisco | 1 Web Security Appliance | 2017-09-14 | 5.0 MEDIUM | N/A |
| The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. | |||||
| CVE-2015-6382 | 1 Cisco | 1 Asr 5000 Series Software | 2017-09-14 | 5.0 MEDIUM | N/A |
| Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | |||||
| CVE-2015-5001 | 1 Ibm | 1 Websphere Portal | 2017-09-14 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document. | |||||
| CVE-2014-6438 | 1 Ruby-lang | 1 Ruby | 2017-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | |||||
| CVE-2015-0617 | 1 Cisco | 1 Asr 5000 Series Software | 2017-09-08 | 5.0 MEDIUM | N/A |
| Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. | |||||