Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | N/A |
| The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | ||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | ||||
| CVE-2009-0507 | 1 Ibm | 1 Websphere Process Server | 2025-04-09 | N/A |
| IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | ||||
| CVE-2007-5375 | 1 Sun | 1 Java Virtual Machine | 2025-04-09 | N/A |
| Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. | ||||
| CVE-2009-0489 | 1 David Paleino | 1 Wicd | 2025-04-09 | N/A |
| The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials. | ||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2025-04-09 | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | ||||
| CVE-2007-1184 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | ||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | ||||
| CVE-2008-5827 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | N/A |
| The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. | ||||
| CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2025-04-09 | N/A |
| The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | ||||
| CVE-2009-0641 | 1 Freebsd | 1 Freebsd | 2025-04-09 | N/A |
| sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | ||||
| CVE-2008-4100 | 1 Gnu | 1 Adns | 2025-04-09 | N/A |
| GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment. | ||||
| CVE-2009-4419 | 1 Intel | 5 Gm45 Chipset, Pm45 Express Chipset, Q35 Chipset and 2 more | 2025-04-09 | N/A |
| Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded. | ||||
| CVE-2009-0432 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2025-04-09 | N/A |
| Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | ||||
| CVE-2008-1923 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2025-04-09 | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. | ||||
| CVE-2009-1306 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||||
| CVE-2008-2121 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | ||||
| CVE-2008-2366 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2025-04-09 | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | ||||
| CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2025-04-09 | N/A |
| The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | ||||