Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0061 | 1 Cisco | 5 4400 Wireless Lan Controller, Catalyst 3750 Series Integrated Wireless Lan Controller, Catalyst 6500 Series Integrated Wireless Lan Controller and 2 more | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets. | |||||
CVE-2009-2044 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | |||||
CVE-2009-4101 | 2 Didier Ernotte, Mozilla | 2 Inforss, Firefox | 2024-02-28 | 9.3 HIGH | N/A |
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
CVE-2008-1014 | 1 Apple | 1 Quicktime | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
CVE-2008-2933 | 1 Mozilla | 1 Firefox | 2024-02-28 | 2.6 LOW | N/A |
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. | |||||
CVE-2008-4927 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-3523 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2024-02-28 | 6.9 MEDIUM | N/A |
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. | |||||
CVE-2008-1030 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | |||||
CVE-2008-5431 | 1 5e5 | 1 Teamtek Universal Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command. | |||||
CVE-2009-3545 | 1 Datawizard | 1 Ftpxq Server | 2024-02-28 | 4.0 MEDIUM | N/A |
DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | |||||
CVE-2008-2061 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 7.8 HIGH | N/A |
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. | |||||
CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2024-02-28 | 8.8 HIGH | N/A |
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2024-02-28 | 9.3 HIGH | N/A |
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2009-4102 | 2 Mozilla, Sage.mozdev | 2 Firefox, Sage | 2024-02-28 | 9.3 HIGH | N/A |
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
CVE-2008-3199 | 1 Resiprocate | 1 Resiprocate | 2024-02-28 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio." | |||||
CVE-2009-2304 | 1 Avatic | 1 Aardvark Topsites Php | 2024-02-28 | 5.0 MEDIUM | N/A |
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message. | |||||
CVE-2008-2007 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2008-7088 | 1 Photopost | 1 Photopost Vbgallery | 2024-02-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor. | |||||
CVE-2008-3584 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 9.3 HIGH | N/A |
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. | |||||
CVE-2009-0845 | 1 Mit | 2 Kerberos, Kerberos 5 | 2024-02-28 | 5.0 MEDIUM | N/A |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. |