Total
2596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3277 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2018-10-18 | 5.0 MEDIUM | N/A |
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument. | |||||
CVE-2006-2940 | 1 Openssl | 1 Openssl | 2018-10-18 | 7.8 HIGH | N/A |
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | |||||
CVE-2006-2937 | 1 Openssl | 1 Openssl | 2018-10-18 | 7.8 HIGH | N/A |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | |||||
CVE-2006-2451 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 4.6 MEDIUM | N/A |
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions. | |||||
CVE-2006-2093 | 1 Nessus | 1 Nessus | 2018-10-18 | 2.6 LOW | N/A |
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. | |||||
CVE-2006-1993 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.1 MEDIUM | N/A |
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. | |||||
CVE-2006-1790 | 1 Mozilla | 1 Firefox | 2018-10-18 | 10.0 HIGH | N/A |
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. | |||||
CVE-2006-1593 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2018-10-18 | 5.0 MEDIUM | N/A |
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index. | |||||
CVE-2006-1549 | 1 Php | 1 Php | 2018-10-18 | 2.1 LOW | N/A |
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. | |||||
CVE-2006-1305 | 1 Microsoft | 2 Office, Outlook | 2018-10-18 | 4.3 MEDIUM | N/A |
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. | |||||
CVE-2006-1173 | 1 Sendmail | 1 Sendmail | 2018-10-18 | 5.0 MEDIUM | N/A |
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | |||||
CVE-2006-0967 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 2.1 LOW | N/A |
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks. | |||||
CVE-2006-0966 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 2.1 LOW | N/A |
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. | |||||
CVE-2006-0911 | 1 Ipswitch | 1 Whatsup | 2018-10-18 | 5.0 MEDIUM | N/A |
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. | |||||
CVE-2006-6601 | 2 Microsoft, Windows | 2 Windows Xp, Media Player | 2018-10-17 | 4.3 MEDIUM | N/A |
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | |||||
CVE-2006-5966 | 1 Panda | 1 Activescan | 2018-10-17 | 6.4 MEDIUM | N/A |
Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control. | |||||
CVE-2006-5857 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | |||||
CVE-2006-5789 | 1 Jgaa | 1 Warftpd | 2018-10-17 | 4.0 MEDIUM | N/A |
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312. | |||||
CVE-2006-5779 | 1 Openldap | 1 Openldap | 2018-10-17 | 5.0 MEDIUM | N/A |
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | |||||
CVE-2006-5645 | 1 Sophos | 2 Anti-virus, Endpoint Security | 2018-10-17 | 5.0 MEDIUM | N/A |
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. |