Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
|
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
|
|||||
| CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
|
|||||
| CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2025-04-09 | 6.4 MEDIUM | N/A |
|
PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.
|
|||||
| CVE-2007-3898 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Server 2003 | 2025-04-09 | 6.4 MEDIUM | N/A |
|
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
|
|||||
| CVE-2009-1892 | 1 Isc | 1 Dhcp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
|
|||||
| CVE-2009-1195 | 1 Apache | 1 Http Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
|
|||||
| CVE-2003-1566 | 1 Microsoft | 1 Internet Information Services | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
|
|||||
| CVE-2008-1671 | 1 Kde | 1 Kde | 2025-04-09 | 4.6 MEDIUM | N/A |
|
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
|
|||||
| CVE-2008-2089 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
|
|||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
|
|||||
| CVE-2008-1156 | 1 Cisco | 2 Cisco Ios, Ios | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
|
|||||
| CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2025-04-09 | 7.2 HIGH | N/A |
|
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration.
|
|||||
| CVE-2007-6210 | 1 Zabbix | 1 Zabbix Agentd | 2025-04-09 | 2.1 LOW | N/A |
|
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
|
|||||
| CVE-2007-1184 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
|
|||||
| CVE-2008-5710 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
|
|||||
| CVE-2007-3380 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.
|
|||||
| CVE-2008-5277 | 1 Powerdns | 1 Powerdns | 2025-04-09 | 4.3 MEDIUM | N/A |
|
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
|
|||||
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
|
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.
|
|||||
| CVE-2007-6723 | 3 Anonymityanywhere, Apple, Microsoft | 3 Tork, Mac Os X, Windows | 2025-04-09 | 4.3 MEDIUM | N/A |
|
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
|
|||||
| CVE-2009-1184 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.
|
|||||
| CVE-2008-1507 | 1 Peel | 1 Peel | 2025-04-09 | 7.5 HIGH | N/A |
|
PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.
|
|||||
| CVE-2007-5964 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
|
|||||
| CVE-2008-1662 | 1 Hp | 2 Hp-ux, System Administration Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
|
|||||
| CVE-2007-6409 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.
|
|||||
| CVE-2009-1303 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
|
|||||
| CVE-2009-2335 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
|
|||||
| CVE-2008-2121 | 1 Sun | 1 Sunos | 2025-04-09 | 7.8 HIGH | N/A |
|
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.
|
|||||
| CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.
|
|||||
| CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
|
|||||
| CVE-2007-6379 | 1 Badblue | 1 Badblue | 2025-04-09 | 5.0 MEDIUM | N/A |
|
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
|
|||||
| CVE-2009-2357 | 1 Yasinkaplan | 1 Tekradius | 2025-04-09 | 10.0 HIGH | N/A |
|
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
|
|||||
| CVE-2004-2763 | 1 Sun | 2 Iplanet Web Server, One Web Server | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
|
|||||
| CVE-2007-3759 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
|
|||||
| CVE-2008-4100 | 1 Gnu | 1 Adns | 2025-04-09 | 6.4 MEDIUM | N/A |
|
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
|
|||||
| CVE-2009-1312 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
|
|||||
| CVE-2009-4442 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.
|
|||||
| CVE-2009-0243 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices w ...
Show More |
|||||
| CVE-2007-6199 | 2 Rsync, Slackware | 2 Rsync, Slackware Linux | 2025-04-09 | 9.3 HIGH | N/A |
|
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
|
|||||
| CVE-2009-3376 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 9.3 HIGH | N/A |
|
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
|
|||||
| CVE-2006-7236 | 3 Debian, Invisible-island, Ubuntu | 3 Debian Linux, Xterm, Linux | 2025-04-09 | 9.3 HIGH | N/A |
|
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
|
|||||