CWE-399
2694 CVEs classified under CWE-399.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-8104 | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by… |
| CVE-2018-0310 | Critical | 9.8 | 2018-06-21 | A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtai… |
| CVE-2016-10390 | Critical | 9.8 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. |
| CVE-2016-1363 | Critical | 9.8 | 2016-04-21 | Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 befor… |
| CVE-2016-9814 | Critical | 9.1 | 2017-02-17 | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2… |
| CVE-2015-1832 | Critical | 9.1 | 2016-10-03 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-d… |
| CVE-2016-2208 | Critical | 9.1 | 2016-05-19 | The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of serv… |
| CVE-2013-0022 | Critical | 9.0 | 2013-02-13 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to… |
| CVE-2012-4787 | Critical | 9.0 | 2012-12-12 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers acc… |
| CVE-2016-1778 | High | 8.8 | 2016-03-24 | WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c… |
| CVE-2016-2536 | High | 8.8 | 2016-02-22 | Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. N… |
| CVE-2013-0090 | High | 8.8 | 2013-03-13 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers… |
| CVE-2012-4775 | High | 8.8 | 2012-11-14 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use Afte… |
| CVE-2010-0048 | High | 8.8 | 2010-03-15 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application… |
| CVE-2010-0047 | High | 8.8 | 2010-03-15 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application… |
| CVE-2010-0806 | High | 8.8 | 2010-03-10 | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute… |
| CVE-2009-1544 | High | 8.8 | 2009-08-12 | Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a W… |
| CVE-2009-0554 | High | 8.8 | 2009-04-15 | Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, an… |
| CVE-2017-6607 | High | 8.7 | 2017-04-20 | A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the info… |
| CVE-2024-20467 | High | 8.6 | 2024-09-25 | A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cau… |