Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5894 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 9.3 HIGH | N/A |
|
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occu ...
|
|||||
| CVE-2009-4294 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
|
|||||
| CVE-2008-0859 | 1 Kerio | 1 Kerio Mailserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
|
|||||
| CVE-2007-5717 | 1 Sun | 2 Embedded Lights Out Manager, Sun Fire | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170.
|
|||||
| CVE-2007-0634 | 1 Sun | 1 Solaris | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
|
|||||
| CVE-2009-3979 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2009-2563 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
|
|||||
| CVE-2008-5915 | 1 Google | 1 Chrome | 2025-04-09 | 2.1 LOW | N/A |
|
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for track ...
|
|||||
| CVE-2007-4372 | 2 Microsoft, Netwin | 2 Windows 2003 Server, Surgemail | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
|
|||||
| CVE-2009-1782 | 1 F-secure | 6 Anti-virus, Client Security, Home Server Security and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.
|
|||||
| CVE-2007-5689 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 10.0 HIGH | N/A |
|
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
|
|||||
| CVE-2008-1813 | 1 Oracle | 2 Database 9i, Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on r ...
|
|||||
| CVE-2009-1899 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
|
|||||
| CVE-2008-3538 | 2 Hp, Microsoft | 2 Enterprise Discovery, Windows | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery.
|
|||||
| CVE-2007-4637 | 1 Xgb | 1 Xgb | 2025-04-09 | 6.4 MEDIUM | N/A |
|
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
|
|||||
| CVE-2008-3650 | 1 Horde | 1 Groupware Webmail Edition | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.
|
|||||
| CVE-2008-4923 | 1 Mw6 Technologies | 1 Aztec Activex | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
|
|||||
| CVE-2007-3907 | 1 Ledgersmb | 1 Ledgersmb | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
|
|||||
| CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a C ...
|
|||||
| CVE-2009-2651 | 1 Digium | 1 Asterisk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
|
|||||
| CVE-2007-6238 | 1 Apple | 1 Quicktime | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. Ho ...
|
|||||
| CVE-2008-2624 | 1 Oracle | 1 Database 10g | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-7190 | 1 Adium | 1 Adium | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).
|
|||||
| CVE-2008-2226 | 1 Openkm | 1 Openkm | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5347 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
|
|||||
| CVE-2009-4519 | 1 Ortro | 1 Ortro | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.
|
|||||
| CVE-2008-4013 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-3987 | 1 Oracle | 1 Application Server | 2025-04-09 | 1.0 LOW | N/A |
|
Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2008-5244 | 1 Xine | 1 Xine-lib | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
|
|||||
| CVE-2008-7195 | 1 Fujitsu | 1 Interstage Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL.
|
|||||
| CVE-2009-4492 | 1 Ruby-lang | 2 Ruby, Webrick | 2025-04-09 | 7.5 HIGH | N/A |
|
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
|
|||||
| CVE-2008-3947 | 1 Hp | 1 Openvms | 2025-04-09 | 7.2 HIGH | N/A |
|
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
|
|||||
| CVE-2007-3858 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).
|
|||||
| CVE-2008-3243 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.
|
|||||
| CVE-2008-3373 | 1 Grisoft | 1 Avg Antivirus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
|
|||||
| CVE-2009-3393 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.
|
|||||
| CVE-2009-1860 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.
|
|||||
| CVE-2006-5363 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 2.6 LOW | N/A |
|
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02.
|
|||||
| CVE-2008-3653 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
|
|||||
| CVE-2010-0070 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.
|
|||||