Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6690 | 1 Typo3 | 2 Nd Antispam, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.
|
|||||
| CVE-2009-0908 | 1 Vmware | 1 Ace | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
|
|||||
| CVE-2007-5604 | 1 Hp | 1 Instant Support | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
|
|||||
| CVE-2009-3236 | 1 Horde | 2 Application Framework, Groupware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.
|
|||||
| CVE-2007-0771 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | 4.9 MEDIUM | N/A |
|
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.
|
|||||
| CVE-2007-5438 | 1 Vmware | 4 Ace, Vmware Player, Vmware Server and 1 more | 2025-04-09 | 1.9 LOW | N/A |
|
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), re ...
Show More |
|||||
| CVE-2008-4873 | 1 Sepal | 1 Spboard | 2025-04-09 | 10.0 HIGH | N/A |
|
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
|
|||||
| CVE-2008-0860 | 1 Kerio | 2 Avg Plugin, Kerio Mailserver | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
|
|||||
| CVE-2009-0720 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2008-1820 | 1 Oracle | 3 Database 10g, Database 11g, Database 9i | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure.
|
|||||
| CVE-2009-0206 | 1 Hp | 2 Hp-ux, Oncplus | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
|
|||||
| CVE-2008-3829 | 1 Condor Project | 1 Condor | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) via unknown vectors.
|
|||||
| CVE-2009-0976 | 1 Oracle | 2 Database 10g, Database 11g | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM.
|
|||||
| CVE-2009-1978 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.
|
|||||
| CVE-2008-4594 | 2 Linksys, Marvell | 2 Wap400n, 88w8361p-bem1 | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
|
|||||
| CVE-2006-6578 | 1 Microsoft | 1 Internet Information Services | 2025-04-09 | 7.5 HIGH | N/A |
|
Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.
|
|||||
| CVE-2008-0836 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
|
|||||
| CVE-2008-2619 | 1 Oracle | 2 Application Server, E-business Suite | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.
|
|||||
| CVE-2008-7198 | 1 Alecwh | 1 Phpns | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.
|
|||||
| CVE-2008-1817 | 1 Oracle | 2 Database 9i, Database Server | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection.
|
|||||
| CVE-2008-0339 | 1 Oracle | 1 Database Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
|
|||||
| CVE-2008-1900 | 1 Carbon Communities | 1 Carbon Communities | 2025-04-09 | 7.5 HIGH | N/A |
|
option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field.
|
|||||
| CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
|
|||||
| CVE-2008-5245 | 1 Xine | 1 Xine-lib | 2025-04-09 | 9.3 HIGH | N/A |
|
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
|
|||||
| CVE-2009-2030 | 2 Ibm, Sun | 2 Os\/400, Jdk | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."
|
|||||
| CVE-2006-6144 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
|
|||||
| CVE-2009-3692 | 3 Apple, Linux, Sun | 5 Mac Os X, Linux Kernel, Opensolaris and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
|
|||||
| CVE-2007-0010 | 1 Gnome | 1 Gtk | 2025-04-09 | 2.1 LOW | N/A |
|
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
|
|||||
| CVE-2009-0717 | 1 Hp | 1 Storageworks Storage Mirroring | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2007-4617 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
|
|||||
| CVE-2009-2716 | 1 Sun | 1 Java Se | 2025-04-09 | 7.5 HIGH | N/A |
|
The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.
|
|||||
| CVE-2008-5451 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2008-4429 | 1 Sourcenext | 2 Virus Security, Virus Security Zero | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3570 | 1 Openoffice | 1 Openoffice.org | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-2553 | 1 Hp | 1 Tru64 | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.
|
|||||
| CVE-2007-5522 | 1 Oracle | 1 Application Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.
|
|||||
| CVE-2008-5450 | 1 Oracle | 2 E-business Suite, E-business Suite 12 | 2025-04-09 | 1.2 LOW | N/A |
|
Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2008-2590 | 1 Oracle | 3 Database Server, Enterprise Manager 10g, Instance Management Component | 2025-04-09 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.
|
|||||
| CVE-2007-6504 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
|
|||||
| CVE-2009-0999 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||