| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability." |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability." |
| chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. |
| WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
| Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. |
| The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. |
| Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. |
| drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. |
| The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error. |
| The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets. |
| The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. |
| Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201. |
| gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. |
| Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. |
| Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. |
| Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. |
| Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. |
| Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. |
