Total
267 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2024-11-21 | 6.0 MEDIUM | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
CVE-2008-2121 | 1 Sun | 1 Sunos | 2024-11-21 | 7.8 HIGH | N/A |
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | |||||
CVE-2008-2089 | 1 Sun | 1 Solaris | 2024-11-21 | 7.8 HIGH | N/A |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||||
CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2024-11-21 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames." | |||||
CVE-2008-1923 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2024-11-21 | 7.1 HIGH | N/A |
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. | |||||
CVE-2008-1778 | 1 Sun | 1 Sunos | 2024-11-21 | 6.6 MEDIUM | N/A |
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. | |||||
CVE-2008-1671 | 1 Kde | 1 Kde | 2024-11-21 | 4.6 MEDIUM | N/A |
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | |||||
CVE-2008-1662 | 1 Hp | 2 Hp-ux, System Administration Manager | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list." | |||||
CVE-2008-1525 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-11-21 | 5.0 MEDIUM | N/A |
The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address. | |||||
CVE-2008-1524 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-11-21 | 7.5 HIGH | N/A |
The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by reading the Dynamic DNS service password or inserting an XSS sequence into the system.sysName.0 variable, which is displayed on the System Status page. | |||||
CVE-2008-1522 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-11-21 | 7.5 HIGH | N/A |
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access. | |||||
CVE-2008-1507 | 1 Peel | 1 Peel | 2024-11-21 | 7.5 HIGH | N/A |
PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote attackers to gain administrative access. | |||||
CVE-2008-1392 | 2 Microsoft, Vmware | 4 Windows, Ace, Player and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. | |||||
CVE-2008-1287 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 5.0 MEDIUM | N/A |
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | |||||
CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2024-11-21 | 4.4 MEDIUM | N/A |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
CVE-2008-1156 | 1 Cisco | 2 Cisco Ios, Ios | 2024-11-21 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | |||||
CVE-2008-0128 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | N/A |
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
CVE-2007-6724 | 2 Microsoft, Vidalia-project | 2 Windows, Vidalia Bundle | 2024-11-21 | 5.0 MEDIUM | N/A |
Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
CVE-2007-6723 | 3 Anonymityanywhere, Apple, Microsoft | 3 Tork, Mac Os X, Windows | 2024-11-21 | 4.3 MEDIUM | N/A |
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
CVE-2007-6722 | 3 Apple, Microsoft, Vidalia-project | 3 Mac Os X, Windows, Vidalia Bundle | 2024-11-21 | 5.0 MEDIUM | N/A |
Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. |