Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1964 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2008-2620 | 1 Oracle | 3 Jd Edwards Enterpriseone, Peoplesoft Enterprise, Peoplesoft Peopletools Component | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2621, and CVE-2008-2622.
|
|||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
|
|||||
| CVE-2009-1807 | 1 Baofeng | 1 Storm | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
|
|||||
| CVE-2008-5343 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.0 HIGH | N/A |
|
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.
|
|||||
| CVE-2008-4595 | 1 Slaytanic Scripts | 1 Content Plus | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.
|
|||||
| CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
|
|||||
| CVE-2008-6578 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
|
|||||
| CVE-2008-5445 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.
|
|||||
| CVE-2009-3524 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
|
|||||
| CVE-2009-1016 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 8.5 HIGH | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
|
|||||
| CVE-2008-4010 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."
|
|||||
| CVE-2009-4328 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
|
|||||
| CVE-2008-6549 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
|
|||||
| CVE-2007-5928 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 9.0 HIGH | 8.1 HIGH |
|
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.
|
|||||
| CVE-2008-0346 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
|
|||||
| CVE-2009-4160 | 2 Kurt Kunig, Typo3 | 2 Kk Downloader, Typo3 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
|
|||||
| CVE-2009-1425 | 1 Hp | 3 Procurve Switch 5400zl, Procurve Switch 8200zl, Procurve Threat Management Services Zl Module | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424.
|
|||||
| CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
|
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
|
|||||
| CVE-2008-3980 | 1 Oracle | 1 Database 10g | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2009-1158 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.
|
|||||
| CVE-2008-3158 | 1 Novell | 1 Novell Client For Windows | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
|
|||||
| CVE-2009-2871 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.
|
|||||
| CVE-2008-4095 | 1 Flip4mac | 1 Flip4mac Wmv | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713.
|
|||||
| CVE-2007-5957 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
|
|||||
| CVE-2009-1146 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
|
|||||
| CVE-2008-3996 | 1 Oracle | 2 Database 10g, Database 11i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.
|
|||||
| CVE-2008-2221 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
|
|||||
| CVE-2009-3178 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2008-6566 | 1 Octopussy | 1 Octopussy | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.
|
|||||
| CVE-2009-0714 | 5 Hp, Microsoft, Novell and 2 more | 5 Data Protector Express, Windows, Netware and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
|
|||||
| CVE-2009-4330 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
|
|||||
| CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
|
|||||
| CVE-2007-3908 | 1 Hp | 2 Cluster Object Manager, Serviceguard | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Object Manager B.03.01.02 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2007-0980.
|
|||||
| CVE-2009-3744 | 1 Emc | 1 Replistor | 2025-04-09 | 5.0 MEDIUM | N/A |
|
rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144.
|
|||||
| CVE-2009-3841 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2025-04-09 | 7.5 HIGH | N/A |
|
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
|
|||||
| CVE-2003-1572 | 1 Sun | 1 Jmf | 2025-04-09 | 9.3 HIGH | N/A |
|
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
|
|||||
| CVE-2009-0939 | 1 Tor | 1 Tor | 2025-04-09 | 10.0 HIGH | N/A |
|
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
|
|||||
| CVE-2007-4910 | 1 Netinvoicing | 1 Netinvoicing | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".
|
|||||