Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-399
Total 2596 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2476 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2018-10-30 6.1 MEDIUM N/A
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
CVE-2013-2126 3 Canonical, Libraw, Opensuse 3 Ubuntu Linux, Libraw, Opensuse 2018-10-30 7.5 HIGH N/A
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
CVE-2015-0248 5 Apache, Apple, Opensuse and 2 more 9 Subversion, Xcode, Opensuse and 6 more 2018-10-30 5.0 MEDIUM N/A
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
CVE-2015-0202 2 Apache, Opensuse 2 Subversion, Opensuse 2018-10-30 7.8 HIGH N/A
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
CVE-2014-9854 4 Canonical, Imagemagick, Opensuse and 1 more 7 Ubuntu Linux, Imagemagick, Leap and 4 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVE-2010-0477 1 Microsoft 2 Windows 7, Windows Server 2008 2018-10-30 10.0 HIGH N/A
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
CVE-2014-5146 2 Opensuse, Xen 2 Opensuse, Xen 2018-10-30 4.7 MEDIUM N/A
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
CVE-2012-2887 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
CVE-2013-6649 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.
CVE-2014-9745 4 Canonical, Debian, Freetype and 1 more 4 Ubuntu Linux, Debian Linux, Freetype and 1 more 2018-10-30 5.0 MEDIUM N/A
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
CVE-2014-9848 4 Canonical, Imagemagick, Opensuse and 1 more 10 Ubuntu Linux, Imagemagick, Leap and 7 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVE-2013-6621 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
CVE-2012-0454 2 Microsoft, Mozilla 6 Windows 7, Firefox, Firefox Esr and 3 more 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
CVE-2014-3598 2 Opensuse, Python 2 Opensuse, Pillow 2018-10-30 5.0 MEDIUM N/A
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
CVE-2014-9744 2 Opensuse, Polarssl 2 Opensuse, Polarssl 2018-10-30 7.8 HIGH N/A
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
CVE-2015-6309 1 Cisco 2 Email Security Appliance, Email Security Appliance Firmware 2018-10-30 6.8 MEDIUM N/A
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
CVE-2010-3225 1 Microsoft 2 Windows 7, Windows Vista 2018-10-30 7.6 HIGH N/A
Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
CVE-2012-5147 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
CVE-2014-9850 4 Canonical, Imagemagick, Opensuse and 1 more 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVE-2012-2888 2 Google, Opensuse 2 Chrome, Opensuse 2018-10-30 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.