Vulnerabilities > Resource Management Errors

DATE CVE VULNERABILITY TITLE RISK
2006-09-14 CVE-2006-4775 Resource Management Errors vulnerability in Cisco Catos and IOS
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
network
low complexity
cisco CWE-399
7.8
2006-09-14 CVE-2006-4774 Resource Management Errors vulnerability in Cisco IOS 12.1(19)
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
network
low complexity
cisco CWE-399
7.8
2006-08-24 CVE-2006-4333 Resource Management Errors vulnerability in Wireshark
The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.
network
high complexity
wireshark CWE-399
5.4
2006-08-21 CVE-2006-4257 Resource Management Errors vulnerability in IBM DB2
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.
network
low complexity
ibm CWE-399
4.0
2006-08-21 CVE-2006-4145 Resource Management Errors vulnerability in Linux Kernel
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
local
low complexity
linux CWE-399
4.9
2006-08-17 CVE-2006-3121 Resource Management Errors vulnerability in High Availability Linux Project Heartbeat
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
network
low complexity
high-availability-linux-project CWE-399
5.0
2006-08-09 CVE-2006-3122 Resource Management Errors vulnerability in ISC Dhcpd 2.0.Pl5/2.0Pl5
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid."
network
low complexity
isc CWE-399
5.0
2006-08-09 CVE-2006-3083 Resource Management Errors vulnerability in multiple products
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
local
low complexity
heimdal mit CWE-399
7.2
2006-07-27 CVE-2006-3840 Resource Management Errors vulnerability in ISS products
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
network
low complexity
iss CWE-399
5.0
2006-07-21 CVE-2006-3631 Resource Management Errors vulnerability in Wireshark
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
network
low complexity
wireshark CWE-399
5.0