Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6706 | 1 Avaya | 2 Communication Manager, Sip Enablement Services | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
|
|||||
| CVE-2008-2674 | 4 Fujitsu, Microsoft, Redhat and 1 more | 11 Interstage Application Server Enterprise, Interstage Application Server Plus, Interstage Application Server Plus Developer and 8 more | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
|
|||||
| CVE-2008-5458 | 1 Oracle | 2 E-business Suite, E-business Suite 12 | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2007-5660 | 1 Macrovision | 3 Flexnet Connect, Installshield 2008, Update Service | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
|
|||||
| CVE-2007-6355 | 1 Aertherwide | 1 Exiftags | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.
|
|||||
| CVE-2008-6996 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
|
|||||
| CVE-2008-5441 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443.
|
|||||
| CVE-2008-5709 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
|
|||||
| CVE-2009-3416 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.
|
|||||
| CVE-2007-5528 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).
|
|||||
| CVE-2007-2587 | 1 Cisco | 1 Ios | 2025-04-09 | 6.3 MEDIUM | N/A |
|
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
|
|||||
| CVE-2008-3973 | 1 Oracle | 2 Database 10g, Database 11g | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2009-2597 | 1 Sun | 2 Java System Access Manager Policy Agent, Java System Web Proxy Server | 2025-04-09 | 7.8 HIGH | N/A |
|
The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.
|
|||||
| CVE-2009-3940 | 1 Sun | 2 Virtualbox, Xvm Virtualbox | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.
|
|||||
| CVE-2009-0989 | 1 Oracle | 1 Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0990.
|
|||||
| CVE-2009-3159 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
|
|||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
|
|||||
| CVE-2007-6045 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
|
|||||
| CVE-2008-4544 | 1 Cisco | 1 Unity | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a "processing error."
|
|||||
| CVE-2007-5610 | 1 Hp | 1 Instant Support | 2025-04-09 | 10.0 HIGH | N/A |
|
The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.
|
|||||
| CVE-2008-2735 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2025-04-09 | 7.1 HIGH | N/A |
|
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.
|
|||||
| CVE-2009-2873 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
|
|||||
| CVE-2008-6904 | 1 Sophos | 2 Anti-virus, Anti-virus7.6.3 | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.
|
|||||
| CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2008-2580 | 1 Oracle | 2 Bea Product Suite, Weblogic Server Component | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
|
|||||
| CVE-2008-1577 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
|
|||||
| CVE-2008-7164 | 1 Ryo-oh-ki | 1 Shareaza | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.
|
|||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
|
|||||
| CVE-2009-3164 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136.
|
|||||
| CVE-2008-0389 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
|
|||||
| CVE-2007-1642 | 1 Manageengine | 1 Firewall Analyzer | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
|
|||||
| CVE-2008-1780 | 1 Sun | 1 Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.
|
|||||
| CVE-2009-2430 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.
|
|||||
| CVE-2009-4592 | 1 Secureideas | 1 Base | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.
|
|||||
| CVE-2009-4487 | 1 F5 | 1 Nginx | 2025-04-09 | 6.8 MEDIUM | N/A |
|
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
|
|||||
| CVE-2009-2297 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.
|
|||||
| CVE-2008-0345 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
|
|||||
| CVE-2007-2117 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon.
|
|||||
| CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
|
|||||