Total
7436 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3873 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | |||||
CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | |||||
CVE-2009-3872 | 2 Microsoft, Sun | 6 Windows, Java Se, Jdk and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. | |||||
CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||
CVE-2007-6723 | 3 Anonymityanywhere, Apple, Microsoft | 3 Tork, Mac Os X, Windows | 2024-02-28 | 4.3 MEDIUM | N/A |
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
CVE-2009-1965 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2024-02-28 | 5.4 MEDIUM | N/A |
Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2008-3615 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2024-02-28 | 9.3 HIGH | N/A |
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
CVE-2009-1072 | 8 Canonical, Debian, Linux and 5 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | 4.9 MEDIUM | N/A |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. | |||||
CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2024-02-28 | 1.9 LOW | N/A |
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||||
CVE-2009-3831 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2024-02-28 | 9.3 HIGH | N/A |
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | |||||
CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | |||||
CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2024-02-28 | 4.4 MEDIUM | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | |||||
CVE-2009-3902 | 2 Cherokee, Microsoft | 2 Cherokee Httpd, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL. | |||||
CVE-2008-5112 | 1 Microsoft | 2 Windows, Windows 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum. | |||||
CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
CVE-2008-0212 | 4 Hp, Linux, Microsoft and 1 more | 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more | 2024-02-28 | 7.8 HIGH | N/A |
ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | |||||
CVE-2008-0639 | 2 Microsoft, Novell | 2 Windows, Client | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701. | |||||
CVE-2007-6046 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. | |||||
CVE-2007-5473 | 2 Microsoft, Mono | 2 Windows, Mono | 2024-02-28 | 5.0 MEDIUM | N/A |
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. |