Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2395 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
|
|||||
| CVE-2010-0075 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.
|
|||||
| CVE-2009-1037 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API.
|
|||||
| CVE-2009-1537 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
|
|||||
| CVE-2009-1991 | 1 Oracle | 1 Database Server | 2025-04-09 | 3.6 LOW | N/A |
|
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure.
|
|||||
| CVE-2008-5452 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2009-3468 | 1 Sun | 1 Solaris | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager.
|
|||||
| CVE-2007-6194 | 1 Hp | 1 Select Identity | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.
|
|||||
| CVE-2009-2701 | 1 Zope | 1 Zodb | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
|
|||||
| CVE-2008-4925 | 1 Mw6 Technologies | 1 Datamatrix Activex | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
|
|||||
| CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2009-2991 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
|
|||||
| CVE-2009-3415 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-7012 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-09 | 7.8 HIGH | N/A |
|
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
|
|||||
| CVE-2009-3409 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 3.6 LOW | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2009-2643 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Professional Software | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
|
|||||
| CVE-2007-4574 | 3 Amd, Intel, Redhat | 3 Amd64, Ia64, Enterprise Linux | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.
|
|||||
| CVE-2009-4306 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.
|
|||||
| CVE-2008-7196 | 1 Mark Reinsfelder | 1 Metashell | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.
|
|||||
| CVE-2009-4007 | 1 Openttd | 1 Openttd | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.
|
|||||
| CVE-2009-0995 | 1 Oracle | 2 E-business Suite, E-business Suite 12 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors.
|
|||||
| CVE-2008-6767 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 10.0 HIGH | N/A |
|
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
|
|||||
| CVE-2007-3922 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
|
|||||
| CVE-2008-2169 | 2 Avici, Hitachi | 4 Router, Gr2000, Gr3000 and 1 more | 2025-04-09 | 7.1 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
|
|||||
| CVE-2008-7149 | 1 Agilewiki | 1 Agilewiki | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.
|
|||||
| CVE-2008-4188 | 1 Typo3 | 1 Secure Directory | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."
|
|||||
| CVE-2007-5640 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2025-04-09 | 7.1 HIGH | N/A |
|
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.
|
|||||
| CVE-2008-4306 | 1 Ubuntu | 1 Linux | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
|
|||||
| CVE-2006-3651 | 1 Microsoft | 2 Office, Word | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
|
|||||
| CVE-2008-1831 | 1 Oracle | 1 Siebel Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
|
|||||
| CVE-2007-6438 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
|
|||||
| CVE-2009-0505 | 1 Ibm | 1 Txseries | 2025-04-09 | 9.0 HIGH | N/A |
|
The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (forcepurge handling delay), or have unspecified other impact, via vectors involving slow or nonexistent acknowledgement.
|
|||||
| CVE-2007-0720 | 2 Apple, Cups | 2 Mac Os X, Cups | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
|
|||||
| CVE-2008-2641 | 1 Adobe | 2 Acrobat 3d, Acrobat Reader | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
|
|||||
| CVE-2009-1443 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
|
|||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
|
|||||
| CVE-2008-1688 | 1 Gnu | 1 M4 | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
|
|||||
| CVE-2008-2749 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
|
|||||
| CVE-2008-1945 | 6 Canonical, Debian, Opensuse and 3 more | 9 Ubuntu Linux, Debian Linux, Opensuse and 6 more | 2025-04-09 | 2.1 LOW | N/A |
|
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
|
|||||