Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1763 | 1 Sun | 1 Opensolaris | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.
|
|||||
| CVE-2009-3406 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 2.7 LOW | N/A |
|
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2007-5519 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.
|
|||||
| CVE-2008-6710 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
|
|||||
| CVE-2008-1828 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
|
|||||
| CVE-2007-0626 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.5 MEDIUM | N/A |
|
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
|
|||||
| CVE-2009-4443 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.
|
|||||
| CVE-2009-2212 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.
|
|||||
| CVE-2009-0977 | 1 Oracle | 2 Database 10g, Database 9i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.
|
|||||
| CVE-2008-3994 | 1 Oracle | 3 Database 10g, Database 11i, Database 9i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.
|
|||||
| CVE-2008-6579 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
|
|||||
| CVE-2006-5332 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure.
|
|||||
| CVE-2009-0713 | 1 Hp | 1 Systems Insight Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2008-3985 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.
|
|||||
| CVE-2007-6610 | 1 Debian | 1 Unp | 2025-04-09 | 10.0 HIGH | N/A |
|
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
|
|||||
| CVE-2009-0973 | 1 Oracle | 1 Database 10g | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors.
|
|||||
| CVE-2007-6354 | 1 Aertherwide | 1 Exiftags | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355.
|
|||||
| CVE-2008-5812 | 1 Spip | 1 Spip | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
|
|||||
| CVE-2009-3160 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 8.8 HIGH | N/A |
|
IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.
|
|||||
| CVE-2009-2869 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
|
|||||
| CVE-2009-0923 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.
|
|||||
| CVE-2007-0458 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
|
|||||
| CVE-2008-3919 | 1 Justsystems | 1 Ichitaro | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
|
|||||
| CVE-2007-3751 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
|
|||||
| CVE-2008-1665 | 1 Hp | 1 Hpsi Active Directory Bidirectional Ldap Connector | 2025-04-09 | 9.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2008-3759 | 1 Lussumo | 1 Vanilla | 2025-04-09 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
|
|||||
| CVE-2007-6425 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2006-6736 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
|
|||||
| CVE-2006-5334 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function.
|
|||||
| CVE-2007-4901 | 1 Aol | 3 Aim Lite, Aim Pro, Instant Messenger | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC.
|
|||||
| CVE-2009-3587 | 3 Broadcom, Ca, Linux | 33 Anti-virus, Anti-virus For The Enterprise, Anti-virus Sdk and 30 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
|
|||||
| CVE-2007-6487 | 1 Plain Black | 1 Webgui | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
|
|||||
| CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
|
|||||
| CVE-2009-1191 | 2 Apache, Canonical | 2 Http Server, Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
|
|||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
|
|||||
| CVE-2010-0080 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2008-5414 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
|
|||||
| CVE-2007-1560 | 1 Squid | 1 Squid | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.
|
|||||
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
|
|||||
| CVE-2008-0709 | 4 Hp, Microsoft, Redhat and 1 more | 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
|
|||||