CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2006 (Denial Of Service)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2006-2019 DoS 2006-04-25 2018-10-18
5.0
None Remote Low Not required None None Partial
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
602 CVE-2006-2017 DoS 2006-04-25 2017-07-19
5.0
None Remote Low Not required None None Partial
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
603 CVE-2006-2012 DoS 2006-04-25 2018-10-18
5.0
None Remote Low Not required None None Partial
Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
604 CVE-2006-1999 DoS 2006-04-25 2018-10-18
5.0
None Remote Low Not required None None Partial
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
605 CVE-2006-1998 DoS 2006-04-25 2018-10-18
2.1
None Local Low Not required None None Partial
OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.
606 CVE-2006-1993 399 DoS Exec Code Overflow 2006-04-25 2018-10-18
5.1
User Remote High Not required Partial Partial Partial
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
607 CVE-2006-1992 399 DoS Exec Code 2006-04-24 2018-10-18
2.6
None Remote High Not required None None Partial
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.
608 CVE-2006-1991 399 DoS 2006-04-24 2017-07-19
6.4
None Remote Low Not required None Partial Partial
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
609 CVE-2006-1988 DoS 2006-04-21 2017-07-19
5.0
None Remote Low Not required None None Partial
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
610 CVE-2006-1987 DoS Exec Code 2006-04-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.
611 CVE-2006-1986 DoS Exec Code 2006-04-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.
612 CVE-2006-1984 DoS 2006-04-21 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
613 CVE-2006-1983 119 DoS Exec Code Overflow 2006-04-21 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
614 CVE-2006-1973 DoS 2006-04-21 2017-07-19
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
615 CVE-2006-1966 DoS 2006-04-21 2018-10-18
5.0
None Remote Low Not required None None Partial
An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST.
616 CVE-2006-1957 20 DoS 2006-04-21 2018-10-18
5.0
None Remote Low Not required None None Partial
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
617 CVE-2006-1941 DoS 2006-04-20 2018-10-18
5.0
None Remote Low Not required None None Partial
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
618 CVE-2006-1940 DoS 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
619 CVE-2006-1939 DoS 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.
620 CVE-2006-1938 DoS 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.
621 CVE-2006-1937 DoS 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
622 CVE-2006-1935 DoS Exec Code Overflow 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.
623 CVE-2006-1934 DoS Exec Code Overflow 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
624 CVE-2006-1933 DoS 2006-04-25 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) via crafted packets to the (1) UMA and (2) BER dissectors.
625 CVE-2006-1931 DoS 2006-04-20 2018-10-03
5.0
None Remote Low Not required None None Partial
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
626 CVE-2006-1928 DoS 2006-04-20 2017-07-19
5.0
None Remote Low Not required None None Partial
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
627 CVE-2006-1927 DoS 2006-04-20 2017-07-19
5.0
None Remote Low Not required None None Partial
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475.
628 CVE-2006-1901 DoS 2006-04-20 2018-10-18
5.0
None Remote Low Not required None None Partial
Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724.
629 CVE-2006-1862 DoS 2006-05-24 2017-10-10
4.9
None Local Low Not required None None Complete
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
630 CVE-2006-1861 189 DoS Exec Code Overflow 2006-05-23 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
631 CVE-2006-1860 DoS 2006-05-11 2017-07-19
2.1
None Local Low Not required None None Partial
lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
632 CVE-2006-1859 DoS 2006-05-11 2017-07-19
2.1
None Local Low Not required None None Partial
Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."
633 CVE-2006-1858 20 DoS Exec Code 2006-05-22 2017-10-10
7.8
None Remote Low Not required None None Complete
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
634 CVE-2006-1857 119 DoS Exec Code Overflow 2006-05-22 2017-10-10
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
635 CVE-2006-1855 DoS 2006-05-18 2017-10-10
2.1
None Local Low Not required None None Partial
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.
636 CVE-2006-1840 134 DoS 2006-04-19 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.
637 CVE-2006-1814 DoS 2006-04-18 2017-07-19
2.1
None Local Low Not required None None Partial
NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.
638 CVE-2006-1797 DoS 2006-04-18 2017-07-19
4.9
None Local Low Not required None None Complete
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference.
639 CVE-2006-1790 399 DoS Exec Code Mem. Corr. 2006-04-14 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
640 CVE-2006-1780 DoS 2006-04-13 2018-10-30
2.1
None Local Low Not required None None Partial
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
641 CVE-2006-1739 119 DoS Exec Code Overflow 2006-04-14 2018-10-18
9.3
None Remote Medium Not required Complete Complete Complete
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
642 CVE-2006-1738 DoS 2006-04-14 2018-10-18
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
643 CVE-2006-1737 189 DoS Exec Code Overflow 2006-04-14 2018-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
644 CVE-2006-1724 DoS Exec Code 2006-04-14 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
645 CVE-2006-1723 DoS Exec Code 2006-04-14 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
646 CVE-2006-1721 20 DoS 2006-04-11 2018-10-18
2.6
None Remote High Not required None None Partial
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
647 CVE-2006-1719 DoS 2006-04-11 2018-10-18
5.0
None Remote Low Not required None None Partial
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
648 CVE-2006-1693 DoS 2006-04-11 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
649 CVE-2006-1671 DoS 2006-04-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558.
650 CVE-2006-1670 DoS 2006-04-07 2018-10-30
7.8
None Remote Low Not required None None Complete
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910.
Total number of vulnerabilities: 893 (page 13 of 18)