Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5345 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called.
| CVE-2006-5333 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.1 HIGH | N/A |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block.
| CVE-2009-2656 | 1 Google | 1 Android | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.
| CVE-2008-6765 | 1 Viart | 1 Viart Shop | 2025-04-09 | 5.0 MEDIUM | N/A |
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.
| CVE-2009-3855 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
| CVE-2007-1359 | 1 Mod Security | 1 Mod Security | 2025-04-09 | 6.8 MEDIUM | N/A |
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
| CVE-2009-3413 | 1 Oracle | 1 Database Server | 2025-04-09 | 3.2 LOW | N/A |
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414.
| CVE-2008-1822 | 1 Oracle | 1 Application Express | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
| CVE-2009-0936 | 1 Tor | 1 Tor | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."
| CVE-2009-2299 | 2 Apache, Hyperguard Web Application Firewall Project | 2 Http Server, Hyperguard Web Application Firewall | 2025-04-09 | 5.0 MEDIUM | N/A |
The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| CVE-2008-5564 | 1 Orb Networks | 1 Orb | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the media server in Orb Networks Orb before 2.01.0025 allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
| CVE-2009-3852 | 1 Ibm | 1 Runtimes For Java Technology | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."
| CVE-2008-4640 | 1 Sentex | 1 Jhead | 2025-04-09 | 3.6 LOW | N/A |
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
| CVE-2008-2707 | 2 Intel, Sun | 4 Network Interface Controller, Opensolaris, Solaris and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
| CVE-2007-4936 | 1 Office Efficiencies | 1 Safesquid | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.
| CVE-2009-1993 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.
| CVE-2008-6575 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
| CVE-2009-1989 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| CVE-2009-1422 | 1 Hp | 3 Procurve Switch 5400zl, Procurve Switch 8200zl, Procurve Threat Management Services Zl Module | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
| CVE-2008-1200 | 1 Microsoft | 2 Access, Jet | 2025-04-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
| CVE-2008-5430 | 1 Mozilla | 1 Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
| CVE-2008-1369 | 1 Sun | 2 Sparc Enterprise Server, Sunos | 2025-04-09 | 10.0 HIGH | N/A |
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
| CVE-2008-0711 | 1 Hp | 4 Bl860c, Rx2660, Rx3600 and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors.
| CVE-2009-2491 | 1 Sun | 1 Ray Server Software | 2025-04-09 | 4.4 MEDIUM | N/A |
The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks."
| CVE-2008-3990 | 1 Oracle | 2 Database 10g, Database 9i | 2025-04-09 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991.
| CVE-2009-0211 | 1 Areva | 1 E-terrahabitat | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018.
| CVE-2007-3473 | 1 Libgd | 1 Gd Graphics Library | 2025-04-09 | 4.3 MEDIUM | N/A |
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
| CVE-2008-2736 | 1 Cisco | 1 Adaptive Security Appliance 5500 | 2025-04-09 | 7.1 HIGH | N/A |
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.
| CVE-2006-5706 | 1 Php | 1 Php | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
| CVE-2008-4580 | 1 Gentoo | 2 Cman, Fence | 2025-04-09 | 7.2 HIGH | N/A |
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
| CVE-2009-1975 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.
| CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames."
| CVE-2009-3842 | 1 Hp | 2 Color Laserjet Cp3525 Printer, Color Laserjet M3530 Multifunction Printer | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors.
| CVE-2006-5049 | 1 Joomla | 2 Classifieds Component, Com Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
| CVE-2009-0985 | 1 Oracle | 2 Database 10g, Database 11g | 2025-04-09 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability.
| CVE-2008-6536 | 1 7-zip | 1 7-zip | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
| CVE-2007-5525 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10.
| CVE-2009-2560 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
| CVE-2009-2456 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN).
| CVE-2009-2029 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.