Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2249 | 9 Apple, Canonical, Debian and 6 more | 13 Iphone Os, Itunes, Safari and 10 more | 2024-11-21 | 6.5 Medium |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||||
| CVE-2009-5063 | 1 Libpng | 1 Libpng | 2024-11-21 | N/A |
| Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244. | ||||
| CVE-2009-4355 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Openssl | 2024-11-21 | N/A |
| Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||||
| CVE-2009-3228 | 3 Canonical, Linux, Redhat | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. | ||||
| CVE-2009-1632 | 2 Ipsec-tools, Redhat | 2 Ipsec-tools, Enterprise Linux | 2024-11-21 | N/A |
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. | ||||
| CVE-2009-1378 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Enterprise Linux | 2024-11-21 | N/A |
| Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." | ||||
| CVE-2009-1341 | 2 Debian, Redhat | 2 Libdbd-pg-perl, Enterprise Linux | 2024-11-21 | N/A |
| Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | ||||
| CVE-2009-0581 | 5 Gimp, Littlecms, Mozilla and 2 more | 5 Gimp, Little Cms, Firefox and 2 more | 2024-11-21 | N/A |
| Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. | ||||
| CVE-2008-6218 | 1 Libpng | 1 Libpng | 2024-11-21 | N/A |
| Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. | ||||
| CVE-2008-4298 | 1 Lighttpd | 1 Lighttpd | 2024-11-21 | N/A |
| Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. | ||||
| CVE-2008-3913 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | N/A |
| Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". | ||||
| CVE-2008-3652 | 2 Ipsec-tools, Redhat | 2 Ipsec-tools, Enterprise Linux | 2024-11-21 | N/A |
| src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). | ||||
| CVE-2008-3651 | 2 Linux, Redhat | 2 Ipsec Tools Racoon Daemon, Enterprise Linux | 2024-11-21 | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | ||||
| CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2024-11-21 | N/A |
| Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | ||||
| CVE-2008-2956 | 1 Pidgin | 1 Pidgin | 2024-11-21 | N/A |
| Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." | ||||
| CVE-2008-2807 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. | ||||
| CVE-2008-2375 | 1 Redhat | 2 Enterprise Linux, Vsftpd | 2024-11-21 | N/A |
| Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. | ||||
| CVE-2008-2136 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | N/A |
| Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. | ||||
| CVE-2008-1678 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2024-11-21 | N/A |
| Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. | ||||
| CVE-2008-0596 | 2 Easy Software Products, Redhat | 3 Cups, Desktop, Enterprise Linux | 2024-11-21 | N/A |
| Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. | ||||