Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5323 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
|
|||||
| CVE-2009-1973 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies.
|
|||||
| CVE-2008-3995 | 1 Oracle | 2 Database 10g, Database 11i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
|
|||||
| CVE-2009-3655 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
|
|||||
| CVE-2007-6716 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-09 | 4.9 MEDIUM | 5.5 MEDIUM |
|
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
|
|||||
| CVE-2008-3548 | 1 Sun | 1 Netra T5220 Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service (panic) via unknown vectors.
|
|||||
| CVE-2009-3982 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2009-0167 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."
|
|||||
| CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
|
|||||
| CVE-2007-5533 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
|
|||||
| CVE-2008-6574 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.
|
|||||
| CVE-2008-3803 | 1 Cisco | 1 Ios | 2025-04-09 | 5.1 MEDIUM | N/A |
|
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
|
|||||
| CVE-2008-6412 | 1 Vignette | 1 Vignette Content Management | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.
|
|||||
| CVE-2008-1837 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
|
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
|
|||||
| CVE-2009-3619 | 1 Viewvc | 1 Viewvc | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
|
|||||
| CVE-2009-3401 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2007-5700 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 6.3 MEDIUM | N/A |
|
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.
|
|||||
| CVE-2008-7144 | 1 Rarlab | 1 Winrar | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
|
|||||
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2025-04-09 | 10.0 HIGH | N/A |
|
Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
|
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
|
|||||
| CVE-2008-5455 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2008-5227 | 1 Phpcow | 1 Phpcow | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
|
|||||
| CVE-2008-4619 | 1 Sun | 1 Sunos | 2025-04-09 | 10.0 HIGH | N/A |
|
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
|
|||||
| CVE-2008-1159 | 1 Cisco | 3 Ios S, Ios T, Ios Xr | 2025-04-09 | 7.1 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
|
|||||
| CVE-2009-1019 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2009-3161 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.8 HIGH | N/A |
|
The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.
|
|||||
| CVE-2008-2604 | 1 Oracle | 2 Authentication Component, Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605.
|
|||||
| CVE-2009-1365 | 1 Adobe | 1 Flash Media Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.
|
|||||
| CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
|
|||||
| CVE-2006-3864 | 1 Microsoft | 3 Office, Project, Visio | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
|
|||||
| CVE-2006-5785 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
|
|||||
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
|
|||||
| CVE-2008-3064 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
|
|||||
| CVE-2009-1017 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.
|
|||||
| CVE-2008-2578 | 1 Oracle | 1 Weblogic Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.
|
|||||
| CVE-2009-3550 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4690 | 1 Lynx | 1 Lynx | 2025-04-09 | 10.0 HIGH | N/A |
|
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
|
|||||
| CVE-2008-7218 | 1 Horde | 7 Groupware, Groupware Webmail Edition, Horde and 4 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
|
|||||
| CVE-2007-5635 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
|
|||||
| CVE-2006-5541 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 4.0 MEDIUM | N/A |
|
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.
|
|||||