Total
2554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2099 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | |||||
| CVE-2006-4333 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.4 MEDIUM | N/A |
| The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. | |||||
| CVE-2006-2069 | 1 Powerdns | 1 Powerdns | 2023-12-10 | 5.0 MEDIUM | N/A |
| The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. | |||||
| CVE-2006-2093 | 1 Nessus | 1 Nessus | 2023-12-10 | 2.6 LOW | N/A |
| Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. | |||||
| CVE-2006-0883 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2023-12-10 | 5.0 MEDIUM | N/A |
| OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. | |||||
| CVE-2006-0749 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | |||||
| CVE-2004-0918 | 6 Gentoo, Openpkg, Redhat and 3 more | 6 Linux, Openpkg, Fedora Core and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | |||||
| CVE-2005-2370 | 2 Ekg, Rob Flynn | 2 Ekg, Gaim | 2023-12-10 | 5.0 MEDIUM | N/A |
| Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | |||||
| CVE-2006-0967 | 1 Ncp Network Communications | 1 Secure Client | 2023-12-10 | 2.1 LOW | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks. | |||||
| CVE-2005-2800 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | N/A |
| Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. | |||||
| CVE-2006-1338 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2023-12-10 | 5.0 MEDIUM | N/A |
| Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails". | |||||
| CVE-2005-3625 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2023-12-10 | 10.0 HIGH | N/A |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | |||||
| CVE-2006-3627 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-0362 | 1 3com | 1 Tippingpoint Ips Tos | 2023-12-10 | 5.0 MEDIUM | N/A |
| TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header. | |||||
| CVE-2006-0966 | 1 Ncp Network Communications | 1 Secure Client | 2023-12-10 | 2.1 LOW | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. | |||||
| CVE-2006-0911 | 1 Ipswitch | 1 Whatsup | 2023-12-10 | 5.0 MEDIUM | N/A |
| NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. | |||||
| CVE-2006-1275 | 1 Ggz Gaming Zone | 1 Ggz Gaming Zone | 2023-12-10 | 5.0 MEDIUM | N/A |
| GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string. | |||||
| CVE-2006-2451 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.6 MEDIUM | N/A |
| The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. | |||||
| CVE-2006-1525 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
| ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. | |||||
| CVE-2006-3083 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2023-12-10 | 7.2 HIGH | N/A |
| The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. | |||||