Total
266766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0758 | 1 Avahi | 1 Avahi-daemon | 2024-02-28 | 7.8 HIGH | N/A |
| The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. | |||||
| CVE-2009-1287 | 1 Cisco | 1 Subscriber Edge Services Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2866 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104. | |||||
| CVE-2009-2195 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | |||||
| CVE-2009-2796 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
| The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | |||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2024-02-28 | 5.0 MEDIUM | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2009-2559 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6806 | 1 7-shop | 1 7shop | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | |||||
| CVE-2009-2621 | 1 Squid-cache | 1 Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
| Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. | |||||
| CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
| A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1441 | 1 Google | 1 Chrome | 2024-02-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel. | |||||
| CVE-2009-1631 | 1 Gnome | 1 Evolution | 2024-02-28 | 2.1 LOW | N/A |
| The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2008-3799 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
| Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | |||||
| CVE-2009-1219 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | |||||
| CVE-2008-2056 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix Security Appliance | 2024-02-28 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. | |||||
| CVE-2008-3706 | 1 Zeeways | 1 Zeejobsite | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2009-2308 | 2 Punbb, Punres | 2 Punbb, Affiliates Mod | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. | |||||
| CVE-2008-4536 | 1 Ec-cube | 1 Ec-cube | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537. | |||||
| CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | |||||
| CVE-2009-3126 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2024-02-28 | 9.3 HIGH | N/A |
| Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability." | |||||