Vulnerabilities > Resource Management Errors
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-26 | CVE-2014-1642 | Resource Management Errors vulnerability in XEN The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. | 4.4 |
2014-01-19 | CVE-2013-4375 | Resource Management Errors vulnerability in multiple products The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. | 2.7 |
2014-01-15 | CVE-2014-0496 | Resource Management Errors vulnerability in Adobe Acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2014-01-15 | CVE-2013-6142 | Resource Management Errors vulnerability in Aveva Clearscada 2010/2013 DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages. | 4.3 |
2014-01-10 | CVE-2014-0664 | Resource Management Errors vulnerability in Cisco Unity Connection The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. | 6.8 |
2013-12-29 | CVE-2013-3846 | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/9 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. | 9.3 |
2013-12-16 | CVE-2013-3140 | Resource Management Errors vulnerability in Microsoft Internet Explorer 9 Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability." | 9.3 |
2013-12-13 | CVE-2012-6151 | Resource Management Errors vulnerability in multiple products Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. | 4.3 |
2013-12-12 | CVE-2013-1812 | Resource Management Errors vulnerability in multiple products The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | 4.3 |
2013-12-11 | CVE-2013-3902 | Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008 Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-101 "Affected Software Windows 7 for 32-bit Systems Service Pack 1 (2893984)" | 7.2 |