Vulnerabilities > Resource Management Errors

DATE CVE VULNERABILITY TITLE RISK
2006-11-03 CVE-2006-5656 Resource Management Errors vulnerability in Vilistextum 2.6.6/2.6.7
Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable.
network
low complexity
vilistextum CWE-399
5.0
2006-11-01 CVE-2006-5645 Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.
network
low complexity
sophos CWE-399
5.0
2006-11-01 CVE-2006-4517 Resource Management Errors vulnerability in Novell Imanager
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
network
low complexity
novell CWE-399
7.8
2006-10-27 CVE-2006-5467 Resource Management Errors vulnerability in Yukihiro Matsumoto Ruby 1.8
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
network
low complexity
yukihiro-matsumoto CWE-399
5.0
2006-10-27 CVE-2006-5568 Resource Management Errors vulnerability in Datawizard Ftpxq 3.0.1
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command.
network
low complexity
datawizard CWE-399
5.0
2006-10-20 CVE-2006-5424 Resource Management Errors vulnerability in Justsystem Ichitaro 2006/2006Governmentedition/2006Trialedition
Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than CVE-2006-4326.
network
high complexity
justsystem CWE-399
5.1
2006-09-28 CVE-2006-2940 Resource Management Errors vulnerability in Openssl
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
network
low complexity
openssl CWE-399
7.8
2006-09-28 CVE-2006-2937 Resource Management Errors vulnerability in Openssl
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
network
low complexity
openssl CWE-399
7.8
2006-09-27 CVE-2006-4924 Resource Management Errors vulnerability in Openbsd Openssh
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
network
low complexity
openbsd CWE-399
7.8
2006-09-19 CVE-2006-4855 Resource Management Errors vulnerability in Symantec products
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
local
low complexity
symantec CWE-399
4.9