Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-399
Total 2596 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1308 1 Kde 1 Konqueror 2018-10-16 4.3 MEDIUM N/A
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
CVE-2007-1209 1 Microsoft 1 Windows Vista 2018-10-16 7.2 HIGH N/A
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
CVE-2007-1238 1 Microsoft 1 Office 2018-10-16 4.3 MEDIUM N/A
Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
CVE-2007-1211 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2018-10-16 7.1 HIGH N/A
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
CVE-2007-0842 1 Microsoft 2 Visual C\+\+, Visual Studio 2018-10-16 5.0 MEDIUM N/A
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
CVE-2007-0197 1 Apple 1 Mac Os X 2018-10-16 6.8 MEDIUM N/A
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
CVE-2008-2543 1 Asterisk 1 Asterisk-addons 2018-10-15 5.0 MEDIUM N/A
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
CVE-2008-0984 2 Miro, Videolan 2 Miro Player, Vlc Media Player 2018-10-15 9.3 HIGH N/A
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
CVE-2008-0983 1 Lighttpd 1 Lighttpd 2018-10-15 5.0 MEDIUM N/A
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
CVE-2008-0974 2 Double-take Software, Hp 2 Double-take, Storageworks Double-take 2018-10-15 5.0 MEDIUM N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector<T> value, which raises a "vector<T> too long" exception; or (2) a certain packet that raises an ospace/time/src\date.cpp exception.
CVE-2008-0979 2 Double-take Software, Hp 2 Double-take, Storageworks Double-take 2018-10-15 5.0 MEDIUM N/A
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a function.
CVE-2008-0977 1 Double-take Software 1 Double-take 2018-10-15 5.0 MEDIUM N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory.
CVE-2008-0976 2 Double-take Software, Hp 2 Double-take, Storageworks Double-take 2018-10-15 5.0 MEDIUM N/A
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1) 0x2722 or (2) 0x272a.
CVE-2008-0667 1 Adobe 1 Acrobat Reader 2018-10-15 4.3 MEDIUM N/A
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2008-0658 1 Openldap 1 Openldap 2018-10-15 4.0 MEDIUM N/A
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
CVE-2008-0597 2 Easy Software Products, Redhat 3 Cups, Desktop, Enterprise Linux 2018-10-15 5.0 MEDIUM N/A
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
CVE-2008-0419 1 Mozilla 2 Firefox, Seamonkey 2018-10-15 9.3 HIGH N/A
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
CVE-2008-0412 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2018-10-15 9.3 HIGH N/A
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.
CVE-2008-0413 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2018-10-15 9.3 HIGH N/A
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
CVE-2008-0212 4 Hp, Linux, Microsoft and 1 more 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more 2018-10-15 7.8 HIGH N/A
ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.