Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-0820 | 9.0 |
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP S
|
17-10-2024 - 21:35 | 15-09-2010 - 19:00 | |
CVE-2006-3906 | 5.0 |
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the sess
|
02-07-2024 - 12:57 | 27-07-2006 - 22:04 | |
CVE-2005-3669 | 5.0 |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the
|
02-07-2024 - 12:57 | 18-11-2005 - 21:03 | |
CVE-2009-3733 | 5.0 |
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
|
17-05-2024 - 17:27 | 02-11-2009 - 15:30 | |
CVE-2013-2465 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
26-04-2024 - 16:07 | 18-06-2013 - 22:55 | |
CVE-2013-0431 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
|
26-04-2024 - 16:07 | 31-01-2013 - 14:55 | |
CVE-2009-3563 | 6.4 |
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
|
19-03-2024 - 21:15 | 09-12-2009 - 18:30 | |
CVE-2009-3720 | 5.0 |
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte
|
22-02-2024 - 03:40 | 03-11-2009 - 16:30 | |
CVE-2009-4017 | 5.0 |
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier f
|
15-02-2024 - 21:16 | 24-11-2009 - 00:30 | |
CVE-2009-3547 | 6.9 |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
|
15-02-2024 - 21:12 | 04-11-2009 - 15:30 | |
CVE-2009-2857 | 4.9 |
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) v
|
15-02-2024 - 20:42 | 19-08-2009 - 17:30 | |
CVE-2009-1388 | 4.9 |
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace sys
|
15-02-2024 - 19:19 | 05-07-2009 - 16:30 | |
CVE-2009-1195 | 4.9 |
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
|
15-02-2024 - 18:54 | 28-05-2009 - 20:30 | |
CVE-2009-2408 | 6.8 |
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certif
|
14-02-2024 - 17:21 | 30-07-2009 - 19:30 | |
CVE-2003-1229 | 7.5 |
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted m
|
09-02-2024 - 03:26 | 31-12-2003 - 05:00 | |
CVE-2009-0269 | 4.9 |
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, l
|
09-02-2024 - 03:26 | 26-01-2009 - 15:30 | |
CVE-2009-0040 | 6.8 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr
|
09-02-2024 - 03:25 | 22-02-2009 - 22:30 | |
CVE-2007-2442 | 10.0 |
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl
|
09-02-2024 - 03:23 | 26-06-2007 - 22:30 | |
CVE-2009-0846 | 10.0 |
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
|
09-02-2024 - 03:21 | 09-04-2009 - 00:30 | |
CVE-2009-2692 | 7.2 |
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
|
08-02-2024 - 23:50 | 14-08-2009 - 15:16 | |
CVE-2009-3658 | 9.3 |
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
|
03-02-2024 - 02:27 | 09-10-2009 - 14:30 | |
CVE-2009-0023 | 4.3 |
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2)
|
02-02-2024 - 16:32 | 08-06-2009 - 01:00 | |
CVE-2009-2416 | 4.3 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
|
02-02-2024 - 16:04 | 11-08-2009 - 18:30 | |
CVE-2008-3281 | 4.3 |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
|
02-02-2024 - 15:02 | 27-08-2008 - 20:41 | |
CVE-2009-1955 | 5.0 |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via
|
02-02-2024 - 14:11 | 08-06-2009 - 01:00 | |
CVE-2008-0599 | 10.0 |
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
|
02-02-2024 - 13:52 | 05-05-2008 - 17:20 | |
CVE-2007-4465 | 4.3 |
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
|
19-01-2024 - 15:13 | 14-09-2007 - 00:17 | |
CVE-2009-0034 | 6.9 |
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file
|
12-01-2024 - 20:40 | 30-01-2009 - 19:30 | |
CVE-2004-0079 | 5.0 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
|
28-12-2023 - 15:33 | 23-11-2004 - 05:00 | |
CVE-2009-2698 | 7.2 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|
28-12-2023 - 15:22 | 27-08-2009 - 17:30 | |
CVE-2009-3560 | 5.0 |
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that
|
01-11-2023 - 17:16 | 04-12-2009 - 21:30 | |
CVE-2010-1452 | 5.0 |
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
|
01-11-2023 - 15:32 | 28-07-2010 - 20:00 | |
CVE-2010-1623 | 5.0 |
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote
|
03-10-2023 - 15:39 | 04-10-2010 - 21:00 | |
CVE-2007-4965 | 5.8 |
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
|
02-08-2023 - 18:52 | 18-09-2007 - 22:17 | |
CVE-2008-3144 | 5.0 |
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to stri
|
02-08-2023 - 18:52 | 01-08-2008 - 14:41 | |
CVE-2008-1679 | 6.8 |
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue i
|
02-08-2023 - 18:52 | 22-04-2008 - 04:41 | |
CVE-2008-3143 | 7.5 |
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c
|
02-08-2023 - 18:50 | 01-08-2008 - 14:41 | |
CVE-2007-2052 | 5.0 |
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown m
|
02-08-2023 - 18:04 | 16-04-2007 - 22:19 | |
CVE-2008-2315 | 7.5 |
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7)
|
02-08-2023 - 17:14 | 01-08-2008 - 14:41 | |
CVE-2013-0169 | 2.6 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
|
12-05-2023 - 12:58 | 08-02-2013 - 19:55 | |
CVE-2007-2586 | 9.3 |
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that i
|
09-05-2023 - 13:53 | 10-05-2007 - 00:19 | |
CVE-2009-1956 | 6.4 |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
|
03-03-2023 - 18:45 | 08-06-2009 - 01:00 | |
CVE-2011-2729 | 5.0 |
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows re
|
13-02-2023 - 04:31 | 15-08-2011 - 21:55 | |
CVE-2010-3718 | 1.2 |
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as
|
13-02-2023 - 04:25 | 10-02-2011 - 18:00 | |
CVE-2010-2240 | 7.2 |
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent at
|
13-02-2023 - 04:21 | 03-09-2010 - 20:00 | |
CVE-2010-2063 | 7.5 |
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arb
|
13-02-2023 - 04:19 | 17-06-2010 - 16:30 | |
CVE-2010-1157 | 2.6 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
|
13-02-2023 - 04:17 | 23-04-2010 - 14:30 | |
CVE-2010-0740 | 5.0 |
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
|
13-02-2023 - 04:16 | 26-03-2010 - 18:30 | |
CVE-2010-0433 | 4.3 |
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of servic
|
13-02-2023 - 04:16 | 05-03-2010 - 19:30 | |
CVE-2011-1071 | 5.1 |
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka
|
13-02-2023 - 03:23 | 08-04-2011 - 15:17 | |
CVE-2010-0290 | 4.0 |
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisonin
|
13-02-2023 - 02:21 | 22-01-2010 - 22:00 | |
CVE-2009-2409 | 5.1 |
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
|
13-02-2023 - 02:20 | 30-07-2009 - 19:30 | |
CVE-2009-1890 | 7.1 |
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
|
13-02-2023 - 02:20 | 05-07-2009 - 16:30 | |
CVE-2009-2906 | 4.0 |
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
|
13-02-2023 - 02:20 | 07-10-2009 - 18:30 | |
CVE-2009-3605 | 6.8 |
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (
|
13-02-2023 - 02:20 | 02-11-2009 - 15:30 | |
CVE-2009-2406 | 6.9 |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vec
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-3609 | 4.3 |
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via
|
13-02-2023 - 02:20 | 21-10-2009 - 17:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-1887 | 5.0 |
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability e
|
13-02-2023 - 02:20 | 26-06-2009 - 18:30 | |
CVE-2009-2407 | 6.9 |
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-1895 | 7.2 |
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to l
|
13-02-2023 - 02:20 | 16-07-2009 - 15:30 | |
CVE-2009-3080 | 7.2 |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
|
13-02-2023 - 02:20 | 20-11-2009 - 17:30 | |
CVE-2009-3606 | 9.3 |
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overf
|
13-02-2023 - 02:20 | 21-10-2009 - 17:30 | |
CVE-2009-1891 | 7.1 |
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
|
13-02-2023 - 02:20 | 10-07-2009 - 15:30 | |
CVE-2009-1385 | 7.8 |
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote a
|
13-02-2023 - 02:20 | 04-06-2009 - 16:30 | |
CVE-2009-1389 | 7.8 |
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
|
13-02-2023 - 02:20 | 16-06-2009 - 23:30 | |
CVE-2008-5515 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
|
13-02-2023 - 02:19 | 16-06-2009 - 21:00 | |
CVE-2008-4316 | 4.6 |
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
|
13-02-2023 - 02:19 | 14-03-2009 - 18:30 | |
CVE-2008-4307 | 4.0 |
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improp
|
13-02-2023 - 02:19 | 13-01-2009 - 17:00 | |
CVE-2008-4309 | 5.0 |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK req
|
13-02-2023 - 02:19 | 31-10-2008 - 20:29 | |
CVE-2008-3528 | 2.1 |
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically prox
|
13-02-2023 - 02:19 | 27-09-2008 - 10:30 | |
CVE-2008-3275 | 4.9 |
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia
|
13-02-2023 - 02:19 | 12-08-2008 - 23:41 | |
CVE-2008-3432 | 6.8 |
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
|
13-02-2023 - 02:19 | 10-10-2008 - 10:30 | |
CVE-2008-3525 | 7.2 |
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMAN
|
13-02-2023 - 02:19 | 03-09-2008 - 14:12 | |
CVE-2008-3529 | 10.0 |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
|
13-02-2023 - 02:19 | 12-09-2008 - 16:56 | |
CVE-2008-1947 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
|
13-02-2023 - 02:19 | 04-06-2008 - 19:32 | |
CVE-2008-2370 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
|
13-02-2023 - 02:19 | 04-08-2008 - 01:41 | |
CVE-2008-2364 | 5.0 |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
|
13-02-2023 - 02:19 | 13-06-2008 - 18:41 | |
CVE-2008-2812 | 7.2 |
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha
|
13-02-2023 - 02:19 | 09-07-2008 - 00:41 | |
CVE-2009-0781 | 4.3 |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
|
13-02-2023 - 02:19 | 09-03-2009 - 21:30 | |
CVE-2009-1185 | 7.2 |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
|
13-02-2023 - 02:19 | 17-04-2009 - 14:30 | |
CVE-2009-0580 | 4.3 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
|
13-02-2023 - 02:19 | 05-06-2009 - 16:00 | |
CVE-2009-0778 | 7.1 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
|
13-02-2023 - 02:19 | 12-03-2009 - 15:20 | |
CVE-2009-0787 | 4.9 |
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows lo
|
13-02-2023 - 02:19 | 25-03-2009 - 01:30 | |
CVE-2009-0796 | 2.6 |
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the
|
13-02-2023 - 02:19 | 07-04-2009 - 23:30 | |
CVE-2007-6284 | 5.0 |
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
|
13-02-2023 - 02:18 | 12-01-2008 - 02:46 | |
CVE-2007-5966 | 7.2 |
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details
|
13-02-2023 - 02:18 | 20-12-2007 - 00:46 | |
CVE-2008-1232 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
|
13-02-2023 - 02:18 | 04-08-2008 - 01:41 | |
CVE-2007-2754 | 6.8 |
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
|
13-02-2023 - 02:17 | 17-05-2007 - 22:30 | |
CVE-2007-1860 | 5.0 |
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly in
|
13-02-2023 - 02:17 | 25-05-2007 - 18:30 | |
CVE-2007-0774 | 7.5 |
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitr
|
13-02-2023 - 02:17 | 04-03-2007 - 22:19 | |
CVE-2011-2526 | 4.4 |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restri
|
13-02-2023 - 01:20 | 14-07-2011 - 23:55 | |
CVE-2011-0536 | 6.9 |
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain
|
13-02-2023 - 01:18 | 08-04-2011 - 15:17 | |
CVE-2011-0013 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ
|
13-02-2023 - 01:18 | 19-02-2011 - 01:00 | |
CVE-2009-1893 | 6.9 |
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
|
13-02-2023 - 01:17 | 17-07-2009 - 16:30 | |
CVE-2009-2414 | 4.3 |
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
|
13-02-2023 - 01:17 | 11-08-2009 - 18:30 | |
CVE-2009-2902 | 4.3 |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
|
13-02-2023 - 01:17 | 28-01-2010 - 20:30 | |
CVE-2009-0033 | 5.0 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
|
13-02-2023 - 01:17 | 05-06-2009 - 16:00 | |
CVE-2009-1192 | 4.9 |
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows
|
13-02-2023 - 01:17 | 24-04-2009 - 15:30 | |
CVE-2009-0783 | 4.6 |
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
|
13-02-2023 - 01:17 | 05-06-2009 - 16:00 | |
CVE-2013-1896 | 4.3 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
|
13-02-2023 - 00:28 | 10-07-2013 - 20:55 | |
CVE-2011-1184 | 5.0 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypas
|
13-02-2023 - 00:15 | 14-01-2012 - 21:55 | |
CVE-2011-1095 | 6.2 |
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that e
|
13-02-2023 - 00:15 | 10-04-2011 - 02:55 | |
CVE-2009-2687 | 4.3 |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
19-01-2023 - 16:38 | 05-08-2009 - 19:30 | |
CVE-2009-2948 | 1.9 |
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain t
|
31-10-2022 - 15:03 | 07-10-2009 - 18:30 | |
CVE-2007-5536 | 4.9 |
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
|
24-10-2022 - 16:41 | 18-10-2007 - 00:17 | |
CVE-2006-3918 | 4.3 |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba
|
21-09-2022 - 19:35 | 28-07-2006 - 00:04 | |
CVE-2011-3348 | 4.3 |
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
|
19-09-2022 - 19:49 | 20-09-2011 - 05:55 | |
CVE-2011-3192 | 7.8 |
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
|
19-09-2022 - 19:49 | 29-08-2011 - 15:55 | |
CVE-2011-0419 | 4.3 |
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
|
19-09-2022 - 19:47 | 16-05-2011 - 17:55 | |
CVE-2013-1862 | 5.1 |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
|
14-09-2022 - 19:50 | 10-06-2013 - 17:55 | |
CVE-2008-3804 | 7.1 |
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path
|
29-08-2022 - 21:04 | 26-09-2008 - 16:21 | |
CVE-2008-1105 | 7.5 |
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
|
29-08-2022 - 20:12 | 29-05-2008 - 16:32 | |
CVE-2009-1888 | 5.8 |
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vecto
|
29-08-2022 - 19:43 | 25-06-2009 - 01:30 | |
CVE-2004-0589 | 4.3 |
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
|
24-08-2022 - 15:40 | 06-08-2004 - 04:00 | |
CVE-2007-1887 | 7.5 |
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
|
21-07-2022 - 15:12 | 06-04-2007 - 01:19 | |
CVE-2008-4864 | 7.5 |
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function,
|
05-07-2022 - 18:48 | 01-11-2008 - 00:00 | |
CVE-2008-1721 | 7.5 |
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
|
05-07-2022 - 18:43 | 10-04-2008 - 19:05 | |
CVE-2008-3142 | 7.5 |
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicod
|
05-07-2022 - 18:41 | 01-08-2008 - 14:41 | |
CVE-2008-1887 | 9.3 |
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse
|
27-06-2022 - 16:33 | 18-04-2008 - 17:05 | |
CVE-2008-3813 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
|
02-06-2022 - 17:22 | 26-09-2008 - 16:21 | |
CVE-2008-3812 | 7.1 |
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
|
02-06-2022 - 17:20 | 26-09-2008 - 16:21 | |
CVE-2008-3809 | 7.1 |
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
|
02-06-2022 - 17:19 | 26-09-2008 - 16:21 | |
CVE-2008-3807 | 9.3 |
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this commun
|
02-06-2022 - 17:18 | 26-09-2008 - 16:21 | |
CVE-2008-3808 | 7.8 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
|
02-06-2022 - 17:18 | 26-09-2008 - 16:21 | |
CVE-2008-3805 | 8.5 |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of s
|
02-06-2022 - 17:17 | 26-09-2008 - 16:21 | |
CVE-2008-3803 | 5.1 |
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from oth
|
02-06-2022 - 17:16 | 26-09-2008 - 16:21 | |
CVE-2008-3802 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Ci
|
02-06-2022 - 17:13 | 26-09-2008 - 16:21 | |
CVE-2008-3801 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
|
02-06-2022 - 17:12 | 26-09-2008 - 16:21 | |
CVE-2008-3800 | 7.1 |
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
|
02-06-2022 - 17:11 | 26-09-2008 - 16:21 | |
CVE-2008-3799 | 7.8 |
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP
|
02-06-2022 - 17:10 | 26-09-2008 - 16:21 | |
CVE-2008-3798 | 7.8 |
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
|
02-06-2022 - 17:09 | 26-09-2008 - 16:21 | |
CVE-2008-2739 | 7.8 |
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different
|
02-06-2022 - 17:09 | 26-09-2008 - 16:21 | |
CVE-2007-0918 | 7.1 |
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations tha
|
02-06-2022 - 17:09 | 14-02-2007 - 02:28 | |
CVE-2013-2466 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2424 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via ve
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2469 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2418 | 4.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to D
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2435 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2447 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2455 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2444 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect av
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2407 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors rel
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2384 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-1475 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-1487 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to De
|
13-05-2022 - 14:53 | 20-02-2013 - 21:55 | |
CVE-2013-1481 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknow
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-0438 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-0432 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-2432 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2422 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via u
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2454 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrit
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2445 | 7.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2452 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2450 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2412 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceab
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2383 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2442 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2419 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-3743 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AW
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2430 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affe
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2420 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2451 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vect
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2417 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2471 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2470 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2437 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2473 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2443 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-3342 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2433 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2472 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2464 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2457 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors relate
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2453 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2468 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2459 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-3213 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2463 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2440 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2456 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2446 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2439 | 6.9 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integr
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2394 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2448 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2429 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1473 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1480 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0809 | 10.0 |
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unkn
|
13-05-2022 - 14:52 | 05-03-2013 - 22:06 | |
CVE-2013-1557 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1500 | 3.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-1478 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1537 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1493 | 10.0 |
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
|
13-05-2022 - 14:52 | 05-03-2013 - 22:06 | |
CVE-2013-1571 | 4.3 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-1476 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1486 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability
|
13-05-2022 - 14:52 | 20-02-2013 - 21:55 | |
CVE-2013-1558 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1540 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1518 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1563 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-1541 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0445 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0442 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0427 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0435 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0450 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0423 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0443 | 4.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0428 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0434 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0433 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0429 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0419 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0425 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0409 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0441 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0426 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0446 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0440 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0424 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0351 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2467 | 6.9 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
|
13-05-2022 - 14:49 | 18-06-2013 - 22:55 | |
CVE-2009-2625 | 5.0 |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
|
13-05-2022 - 14:44 | 06-08-2009 - 15:30 | |
CVE-2013-2461 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and
|
13-05-2022 - 14:35 | 18-06-2013 - 22:55 | |
CVE-2007-2356 | 6.8 |
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
|
07-02-2022 - 19:21 | 30-04-2007 - 22:19 | |
CVE-2009-1570 | 9.3 |
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
|
07-02-2022 - 17:54 | 13-11-2009 - 15:30 | |
CVE-2007-2949 | 6.8 |
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
|
07-02-2022 - 17:48 | 04-07-2007 - 15:30 | |
CVE-2006-3404 | 5.1 |
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VE
|
07-02-2022 - 17:27 | 06-07-2006 - 20:05 | |
CVE-2007-1349 | 5.0 |
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted U
|
03-02-2022 - 16:26 | 30-03-2007 - 00:19 | |
CVE-2006-3894 | 5.0 |
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
|
17-12-2021 - 20:00 | 22-05-2007 - 19:30 | |
CVE-2012-4845 | 6.8 |
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa
|
31-08-2021 - 15:43 | 20-10-2012 - 10:41 | |
CVE-2004-0727 | 7.5 |
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to
|
23-07-2021 - 15:02 | 27-07-2004 - 04:00 | |
CVE-2008-3013 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
23-07-2021 - 12:17 | 11-09-2008 - 01:11 | |
CVE-2007-3898 | 6.4 |
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attac
|
07-07-2021 - 16:09 | 14-11-2007 - 01:46 | |
CVE-2012-4558 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
|
06-06-2021 - 11:15 | 26-02-2013 - 16:55 | |
CVE-2012-4557 | 5.0 |
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an
|
06-06-2021 - 11:15 | 30-11-2012 - 19:55 | |
CVE-2012-3499 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
|
06-06-2021 - 11:15 | 26-02-2013 - 16:55 | |
CVE-2012-2687 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
|
06-06-2021 - 11:15 | 22-08-2012 - 19:55 | |
CVE-2007-4476 | 7.5 |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
|
17-05-2021 - 19:55 | 05-09-2007 - 01:17 | |
CVE-2010-1321 | 6.8 |
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allo
|
02-02-2021 - 18:53 | 19-05-2010 - 18:30 | |
CVE-2007-2798 | 9.0 |
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
|
02-02-2021 - 18:32 | 26-06-2007 - 22:30 | |
CVE-2007-2443 | 8.3 |
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
|
02-02-2021 - 18:28 | 26-06-2007 - 22:30 | |
CVE-2009-3767 | 4.3 |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
|
14-10-2020 - 17:13 | 23-10-2009 - 19:30 | |
CVE-2007-3378 | 6.8 |
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
|
18-09-2020 - 19:15 | 29-06-2007 - 18:30 | |
CVE-2009-1072 | 4.9 |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o
|
02-09-2020 - 16:01 | 25-03-2009 - 01:30 | |
CVE-2009-2848 | 5.9 |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
|
28-08-2020 - 13:10 | 18-08-2009 - 21:00 | |
CVE-2009-0834 | 3.6 |
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass
|
26-08-2020 - 12:57 | 06-03-2009 - 11:30 | |
CVE-2009-1630 | 4.4 |
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass pe
|
21-08-2020 - 18:45 | 14-05-2009 - 17:30 | |
CVE-2007-2587 | 6.3 |
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
|
22-05-2020 - 17:01 | 10-05-2007 - 00:19 | |
CVE-2011-0997 | 7.5 |
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstra
|
01-04-2020 - 13:07 | 08-04-2011 - 15:17 | |
CVE-2008-1447 | 5.0 |
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
|
24-03-2020 - 18:19 | 08-07-2008 - 23:41 | |
CVE-2010-3282 | 1.9 |
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root
|
29-01-2020 - 15:27 | 09-01-2020 - 21:15 | |
CVE-2010-1323 | 2.6 |
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-1324 | 4.3 |
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum,
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2009-4212 | 10.0 |
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly
|
21-01-2020 - 15:45 | 13-01-2010 - 19:30 | |
CVE-2009-0844 | 5.8 |
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri
|
21-01-2020 - 15:45 | 09-04-2009 - 00:30 | |
CVE-2009-0845 | 5.0 |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in
|
21-01-2020 - 15:45 | 27-03-2009 - 16:30 | |
CVE-2008-5031 | 10.0 |
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs fun
|
25-10-2019 - 11:53 | 10-11-2008 - 16:15 | |
CVE-2008-5345 | 7.5 |
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a
|
09-10-2019 - 22:56 | 05-12-2008 - 11:30 | |
CVE-2008-5360 | 6.4 |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allow
|
09-10-2019 - 22:56 | 05-12-2008 - 11:30 | |
CVE-2008-5359 | 9.3 |
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbit
|
09-10-2019 - 22:56 | 05-12-2008 - 11:30 | |
CVE-2008-5357 | 9.3 |
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbi
|
09-10-2019 - 22:56 | 05-12-2008 - 11:30 | |
CVE-2008-2100 | 7.2 |
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS u
|
14-08-2019 - 11:29 | 05-06-2008 - 20:32 | |
CVE-2008-5346 | 7.1 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a
|
31-07-2019 - 12:42 | 05-12-2008 - 11:30 | |
CVE-2013-4854 | 7.8 |
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertio
|
22-04-2019 - 17:48 | 29-07-2013 - 13:59 | |
CVE-2011-3190 | 7.5 |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive in
|
25-03-2019 - 11:33 | 31-08-2011 - 23:55 | |
CVE-2011-2204 | 1.9 |
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive inf
|
25-03-2019 - 11:33 | 29-06-2011 - 17:55 | |
CVE-2012-0022 | 5.0 |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
|
25-03-2019 - 11:33 | 19-01-2012 - 04:01 | |
CVE-2010-2227 | 6.4 |
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via
|
25-03-2019 - 11:32 | 13-07-2010 - 17:30 | |
CVE-2009-3548 | 7.5 |
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
|
25-03-2019 - 11:31 | 12-11-2009 - 23:30 | |
CVE-2009-2693 | 5.8 |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat
|
25-03-2019 - 11:30 | 28-01-2010 - 20:30 | |
CVE-2007-1355 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker
|
25-03-2019 - 11:29 | 21-05-2007 - 20:30 | |
CVE-2010-3405 | 6.8 |
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
|
28-11-2018 - 17:13 | 16-09-2010 - 21:00 | |
CVE-2010-3187 | 10.0 |
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
|
28-11-2018 - 17:12 | 30-08-2010 - 20:00 | |
CVE-2009-4536 | 7.8 |
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
|
16-11-2018 - 15:51 | 12-01-2010 - 17:30 | |
CVE-2009-3002 | 4.9 |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th
|
16-11-2018 - 15:43 | 28-08-2009 - 15:30 | |
CVE-2009-1633 | 7.1 |
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to U
|
08-11-2018 - 20:29 | 28-05-2009 - 20:30 | |
CVE-2009-0322 | 4.9 |
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size
|
08-11-2018 - 20:20 | 28-01-2009 - 18:30 | |
CVE-2008-4917 | 7.2 |
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through
|
02-11-2018 - 13:44 | 09-12-2008 - 00:30 | |
CVE-2008-4915 | 6.9 |
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through
|
02-11-2018 - 13:43 | 10-11-2008 - 14:12 | |
CVE-2008-4279 | 6.8 |
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231;
|
02-11-2018 - 13:06 | 06-10-2008 - 19:54 | |
CVE-2009-0689 | 6.8 |
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
|
02-11-2018 - 10:29 | 01-07-2009 - 13:00 | |
CVE-2008-2712 | 9.3 |
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3)
|
01-11-2018 - 15:07 | 16-06-2008 - 21:41 | |
CVE-2008-2136 | 7.8 |
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT
|
31-10-2018 - 18:55 | 16-05-2008 - 12:54 | |
CVE-2013-2266 | 7.8 |
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as
|
30-10-2018 - 16:27 | 28-03-2013 - 16:55 | |
CVE-2011-2464 | 5.0 |
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
|
30-10-2018 - 16:27 | 08-07-2011 - 20:55 | |
CVE-2007-5236 | 5.4 |
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files vi
|
30-10-2018 - 16:26 | 06-10-2007 - 00:17 | |
CVE-2010-4454 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4450 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux all
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4466 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remot
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3572 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4448 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java ap
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3562 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2007-5671 | 4.4 |
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not
|
30-10-2018 - 16:26 | 05-06-2008 - 20:32 | |
CVE-2010-3574 | 10.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3571 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4469 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4473 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4462 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4447 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4475 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3565 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3556 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3559 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3557 | 6.8 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2007-4590 | 3.3 |
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impa
|
30-10-2018 - 16:26 | 29-08-2007 - 01:17 | |
CVE-2010-3554 | 10.0 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-4476 | 5.0 |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows rem
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-4465 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3568 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3541 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-4142 | 4.3 |
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b
|
30-10-2018 - 16:26 | 21-12-2009 - 16:30 | |
CVE-2010-3553 | 10.0 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-3876 | 5.0 |
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
|
30-10-2018 - 16:26 | 05-11-2009 - 16:30 | |
CVE-2010-3551 | 5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-3877 | 5.0 |
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
|
30-10-2018 - 16:26 | 05-11-2009 - 16:30 | |
CVE-2009-2676 | 6.8 |
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attacke
|
30-10-2018 - 16:26 | 05-08-2009 - 19:30 | |
CVE-2009-3800 | 9.3 |
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-3799 | 9.3 |
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers me
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-3293 | 7.5 |
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-3875 | 5.0 |
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
|
30-10-2018 - 16:26 | 05-11-2009 - 16:30 | |
CVE-2010-3548 | 5.0 |
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the p
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-4143 | 10.0 |
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
|
30-10-2018 - 16:26 | 21-12-2009 - 16:30 | |
CVE-2009-3796 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-3794 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2010-3549 | 6.8 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2009-3291 | 7.5 |
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-1805 | 4.0 |
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build
|
30-10-2018 - 16:26 | 01-06-2009 - 19:30 | |
CVE-2007-2688 | 7.8 |
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
|
30-10-2018 - 16:26 | 16-05-2007 - 01:19 | |
CVE-2009-3557 | 5.0 |
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix argu
|
30-10-2018 - 16:26 | 23-11-2009 - 17:30 | |
CVE-2009-3798 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-4018 | 7.5 |
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
|
30-10-2018 - 16:26 | 29-11-2009 - 13:07 | |
CVE-2009-3049 | 5.0 |
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
|
30-10-2018 - 16:26 | 02-09-2009 - 17:30 | |
CVE-2009-3292 | 7.5 |
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2003-0851 | 5.0 |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
|
30-10-2018 - 16:26 | 01-12-2003 - 05:00 | |
CVE-2009-1147 | 7.2 |
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allo
|
30-10-2018 - 16:26 | 06-04-2009 - 15:30 | |
CVE-2011-0866 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0864 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2004-0790 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
CVE-2011-0865 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2004-1767 | 7.2 |
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
|
30-10-2018 - 16:26 | 31-12-2004 - 05:00 | |
CVE-2007-1270 | 5.0 |
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:26 | 06-04-2007 - 00:19 | |
CVE-2011-0815 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0862 | 10.0 |
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and avail
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0802 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2003-0567 | 7.8 |
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
|
30-10-2018 - 16:26 | 18-08-2003 - 04:00 | |
CVE-2004-0714 | 5.0 |
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memo
|
30-10-2018 - 16:26 | 27-07-2004 - 04:00 | |
CVE-2008-0967 | 6.9 |
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build
|
30-10-2018 - 16:26 | 05-06-2008 - 20:32 | |
CVE-2004-0791 | 5.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
|
30-10-2018 - 16:26 | 12-04-2005 - 04:00 | |
CVE-2011-0814 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2011-0867 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
|
30-10-2018 - 16:26 | 14-06-2011 - 18:55 | |
CVE-2007-1271 | 6.6 |
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
|
30-10-2018 - 16:26 | 06-04-2007 - 00:19 | |
CVE-2007-5398 | 9.3 |
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requ
|
30-10-2018 - 16:25 | 16-11-2007 - 18:46 | |
CVE-2007-5348 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerP
|
30-10-2018 - 16:25 | 11-09-2008 - 01:01 | |
CVE-2007-5921 | 4.7 |
Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.
|
30-10-2018 - 16:25 | 10-11-2007 - 02:46 | |
CVE-2007-6015 | 9.3 |
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC stri
|
30-10-2018 - 16:25 | 13-12-2007 - 21:46 | |
CVE-2008-3012 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2007-4572 | 9.3 |
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon se
|
30-10-2018 - 16:25 | 16-11-2007 - 18:46 | |
CVE-2008-3666 | 7.1 |
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrat
|
30-10-2018 - 16:25 | 13-08-2008 - 17:41 | |
CVE-2009-3872 | 9.3 |
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3868 | 9.3 |
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a c
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2008-1778 | 6.6 |
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknow
|
30-10-2018 - 16:25 | 14-04-2008 - 16:05 | |
CVE-2009-3873 | 9.3 |
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem,"
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3869 | 9.3 |
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3871 | 9.3 |
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-2674 | 7.5 |
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
|
30-10-2018 - 16:25 | 05-08-2009 - 19:30 | |
CVE-2008-2144 | 10.0 |
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 12-05-2008 - 19:20 | |
CVE-2009-3874 | 9.3 |
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary co
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2009-3867 | 9.3 |
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
|
30-10-2018 - 16:25 | 05-11-2009 - 16:30 | |
CVE-2008-2710 | 7.2 |
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones vi
|
30-10-2018 - 16:25 | 16-06-2008 - 20:41 | |
CVE-2008-3450 | 7.2 |
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
|
30-10-2018 - 16:25 | 04-08-2008 - 18:41 | |
CVE-2008-3014 | 9.3 |
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 20
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2008-2168 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
|
30-10-2018 - 16:25 | 13-05-2008 - 21:20 | |
CVE-2009-1146 | 4.9 |
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows lo
|
30-10-2018 - 16:25 | 06-04-2009 - 15:30 | |
CVE-2008-0964 | 9.3 |
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
|
30-10-2018 - 16:25 | 08-08-2008 - 18:41 | |
CVE-2007-0165 | 7.8 |
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
|
30-10-2018 - 16:25 | 10-01-2007 - 00:28 | |
CVE-2009-0838 | 4.9 |
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
|
30-10-2018 - 16:25 | 06-03-2009 - 18:30 | |
CVE-2008-1451 | 7.2 |
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
|
30-10-2018 - 16:25 | 12-06-2008 - 02:32 | |
CVE-2008-1095 | 6.8 |
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets
|
30-10-2018 - 16:25 | 29-02-2008 - 11:44 | |
CVE-2008-0269 | 4.9 |
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
|
30-10-2018 - 16:25 | 15-01-2008 - 20:00 | |
CVE-2008-1480 | 4.3 |
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
|
30-10-2018 - 16:25 | 24-03-2008 - 22:44 | |
CVE-2008-0960 | 10.0 |
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Dat
|
30-10-2018 - 16:25 | 10-06-2008 - 18:32 | |
CVE-2009-1244 | 6.8 |
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; V
|
30-10-2018 - 16:25 | 13-04-2009 - 16:30 | |
CVE-2008-0965 | 9.3 |
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
|
30-10-2018 - 16:25 | 08-08-2008 - 18:41 | |
CVE-2006-1780 | 2.1 |
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. Apply patches.
|
30-10-2018 - 16:25 | 13-04-2006 - 10:02 | |
CVE-2007-4632 | 4.3 |
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authent
|
26-10-2018 - 14:04 | 31-08-2007 - 23:17 | |
CVE-2006-0300 | 5.1 |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
|
19-10-2018 - 15:44 | 24-02-2006 - 00:02 | |
CVE-2005-4826 | 6.1 |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different iss
|
19-10-2018 - 15:41 | 31-12-2005 - 05:00 | |
CVE-2005-4316 | 7.8 |
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
|
19-10-2018 - 15:40 | 17-12-2005 - 11:03 | |
CVE-2005-4436 | 7.8 |
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) m
|
19-10-2018 - 15:40 | 21-12-2005 - 01:03 | |
CVE-2005-4437 | 7.5 |
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message
|
19-10-2018 - 15:40 | 21-12-2005 - 01:03 | |
CVE-2005-4451 | 7.5 |
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
|
19-10-2018 - 15:40 | 21-12-2005 - 11:03 | |
CVE-2005-3921 | 2.6 |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memor
|
19-10-2018 - 15:39 | 30-11-2005 - 11:03 | |
CVE-2005-2993 | 1.7 |
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
|
19-10-2018 - 15:34 | 20-09-2005 - 20:03 | |
CVE-2005-1046 | 7.5 |
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2004-1060 | 5.0 |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
|
19-10-2018 - 15:30 | 12-04-2004 - 04:00 | |
CVE-2004-0230 | 5.0 |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
|
19-10-2018 - 15:30 | 18-08-2004 - 04:00 | |
CVE-2006-3201 | 4.9 |
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
|
18-10-2018 - 16:46 | 23-06-2006 - 20:06 | |
CVE-2006-3335 | 7.2 |
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.
|
18-10-2018 - 16:46 | 03-07-2006 - 01:05 | |
CVE-2006-3097 | 4.9 |
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. This vulnerability only affects HP-UX running Support Tools Manage
|
18-10-2018 - 16:45 | 20-06-2006 - 17:02 | |
CVE-2006-2551 | 2.1 |
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.
|
18-10-2018 - 16:40 | 23-05-2006 - 16:06 | |
CVE-2006-2574 | 7.2 |
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.
|
18-10-2018 - 16:40 | 24-05-2006 - 23:02 | |
CVE-2006-1689 | 7.2 |
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. HP-UX B.11.11:
Install PHCO_34545 or later.
|
18-10-2018 - 16:33 | 11-04-2006 - 00:02 | |
CVE-2006-6104 | 5.0 |
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for
|
17-10-2018 - 21:46 | 21-12-2006 - 19:28 | |
CVE-2006-5452 | 4.6 |
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
|
17-10-2018 - 21:42 | 23-10-2006 - 17:07 | |
CVE-2006-5091 | 7.2 |
Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.
|
17-10-2018 - 21:41 | 29-09-2006 - 20:07 | |
CVE-2006-5151 | 10.0 |
Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.
|
17-10-2018 - 21:41 | 05-10-2006 - 04:04 | |
CVE-2006-4795 | 4.6 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
|
17-10-2018 - 21:39 | 14-09-2006 - 21:07 | |
CVE-2006-4820 | 2.1 |
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
|
17-10-2018 - 21:39 | 15-09-2006 - 21:07 | |
CVE-2006-4650 | 2.6 |
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect
|
17-10-2018 - 21:38 | 09-09-2006 - 00:04 | |
CVE-2006-4343 | 4.3 |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
|
17-10-2018 - 21:36 | 28-09-2006 - 18:07 | |
CVE-2006-4187 | 2.1 |
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
|
17-10-2018 - 21:33 | 17-08-2006 - 00:04 | |
CVE-2006-3738 | 10.0 |
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Failed exploit attempts may crash appl
|
17-10-2018 - 21:29 | 28-09-2006 - 18:07 | |
CVE-2007-2953 | 6.8 |
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, relat
|
16-10-2018 - 16:46 | 31-07-2007 - 10:17 | |
CVE-2007-1681 | 7.5 |
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspe
|
16-10-2018 - 16:40 | 19-04-2007 - 10:19 | |
CVE-2007-0940 | 9.3 |
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, a
|
16-10-2018 - 16:35 | 08-05-2007 - 23:19 | |
CVE-2007-6425 | 10.0 |
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
|
15-10-2018 - 21:53 | 23-01-2008 - 21:00 | |
CVE-2007-6352 | 6.8 |
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
|
15-10-2018 - 21:52 | 20-12-2007 - 02:46 | |
CVE-2007-6203 | 4.3 |
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
|
15-10-2018 - 21:50 | 03-12-2007 - 22:46 | |
CVE-2007-6195 | 10.0 |
Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malfor
|
15-10-2018 - 21:50 | 15-12-2007 - 01:46 | |
CVE-2007-5958 | 5.0 |
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
|
15-10-2018 - 21:47 | 18-01-2008 - 23:00 | |
CVE-2007-5365 | 7.2 |
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemo
|
15-10-2018 - 21:44 | 11-10-2007 - 10:17 | |
CVE-2007-5045 | 9.3 |
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XM
|
15-10-2018 - 21:40 | 24-09-2007 - 00:17 | |
CVE-2007-5135 | 6.8 |
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa
|
15-10-2018 - 21:40 | 27-09-2007 - 20:17 | |
CVE-2007-4887 | 4.3 |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
|
15-10-2018 - 21:38 | 14-09-2007 - 00:17 | |
CVE-2007-4771 | 9.3 |
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have uns
|
15-10-2018 - 21:37 | 29-01-2008 - 00:00 | |
CVE-2007-4752 | 7.5 |
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
|
15-10-2018 - 21:37 | 12-09-2007 - 01:17 | |
CVE-2007-4770 | 6.8 |
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory lo
|
15-10-2018 - 21:37 | 29-01-2008 - 00:00 | |
CVE-2007-4286 | 9.3 |
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
|
15-10-2018 - 21:34 | 09-08-2007 - 21:17 | |
CVE-2007-4131 | 6.8 |
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
|
15-10-2018 - 21:33 | 25-08-2007 - 00:17 | |
CVE-2009-0099 | 5.0 |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0098 | 9.3 |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0217 | 5.0 |
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
|
12-10-2018 - 21:49 | 14-07-2009 - 23:30 | |
CVE-2008-3466 | 10.0 |
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
|
12-10-2018 - 21:48 | 15-10-2008 - 00:12 | |
CVE-2006-2389 | 9.3 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption
|
12-10-2018 - 21:40 | 11-07-2006 - 21:05 | |
CVE-2004-1244 | 7.5 |
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
|
12-10-2018 - 21:35 | 08-02-2004 - 05:00 | |
CVE-2004-0847 | 7.5 |
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Valid
|
12-10-2018 - 21:35 | 03-11-2004 - 05:00 | |
CVE-2009-0361 | 4.6 |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files b
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0360 | 6.2 |
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0159 | 6.8 |
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
|
11-10-2018 - 21:00 | 14-04-2009 - 15:30 | |
CVE-2009-0037 | 6.8 |
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or o
|
11-10-2018 - 20:59 | 05-03-2009 - 02:30 | |
CVE-2009-0028 | 2.1 |
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting thi
|
11-10-2018 - 20:58 | 27-02-2009 - 17:30 | |
CVE-2009-0025 | 6.8 |
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulne
|
11-10-2018 - 20:58 | 07-01-2009 - 17:30 | |
CVE-2008-5700 | 1.9 |
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
|
11-10-2018 - 20:56 | 22-12-2008 - 15:30 | |
CVE-2008-5689 | 7.2 |
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. Com
|
11-10-2018 - 20:56 | 19-12-2008 - 17:30 | |
CVE-2008-5353 | 10.0 |
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows rem
|
11-10-2018 - 20:55 | 05-12-2008 - 11:30 | |
CVE-2008-5349 | 7.1 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
|
11-10-2018 - 20:54 | 05-12-2008 - 11:30 | |
CVE-2008-5300 | 4.9 |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulne
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5303 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5302 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5029 | 4.9 |
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors rela
|
11-10-2018 - 20:53 | 10-11-2008 - 16:15 | |
CVE-2008-5077 | 5.8 |
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
|
11-10-2018 - 20:53 | 07-01-2009 - 17:30 | |
CVE-2008-4552 | 7.5 |
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended acce
|
11-10-2018 - 20:52 | 14-10-2008 - 20:00 | |
CVE-2008-4556 | 10.0 |
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
|
11-10-2018 - 20:52 | 14-10-2008 - 22:36 | |
CVE-2008-4281 | 9.3 |
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
|
11-10-2018 - 20:51 | 10-11-2008 - 14:12 | |
CVE-2008-4101 | 9.3 |
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
CVE-2008-3870 | 10.0 |
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
|
11-10-2018 - 20:50 | 26-05-2009 - 21:30 | |
CVE-2008-3869 | 10.0 |
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
|
11-10-2018 - 20:50 | 26-05-2009 - 21:30 | |
CVE-2008-2327 | 6.8 |
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file,
|
11-10-2018 - 20:40 | 27-08-2008 - 20:41 | |
CVE-2008-2097 | 9.0 |
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
|
11-10-2018 - 20:39 | 05-06-2008 - 20:32 | |
CVE-2008-2086 | 9.3 |
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) ja
|
11-10-2018 - 20:39 | 05-12-2008 - 02:30 | |
CVE-2008-1483 | 6.9 |
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
|
11-10-2018 - 20:35 | 24-03-2008 - 23:44 | |
CVE-2008-1382 | 7.5 |
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which
|
11-10-2018 - 20:32 | 14-04-2008 - 16:05 | |
CVE-2008-1372 | 4.3 |
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
|
11-10-2018 - 20:32 | 18-03-2008 - 21:44 | |
CVE-2010-4435 | 10.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the Jan
|
10-10-2018 - 20:08 | 19-01-2011 - 17:00 | |
CVE-2010-3573 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3613 | 4.0 |
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a
|
10-10-2018 - 20:04 | 06-12-2010 - 13:44 | |
CVE-2010-3567 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3566 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3561 | 7.5 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
|
10-10-2018 - 20:03 | 19-10-2010 - 22:00 | |
CVE-2010-3550 | 9.3 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
10-10-2018 - 20:02 | 19-10-2010 - 22:00 | |
CVE-2010-1646 | 6.2 |
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last
|
10-10-2018 - 19:57 | 07-06-2010 - 17:12 | |
CVE-2010-1039 | 10.0 |
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers
|
10-10-2018 - 19:55 | 20-05-2010 - 17:30 | |
CVE-2010-0624 | 6.8 |
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
|
10-10-2018 - 19:53 | 15-03-2010 - 13:28 | |
CVE-2010-0734 | 6.8 |
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of se
|
10-10-2018 - 19:53 | 19-03-2010 - 19:30 | |
CVE-2010-0453 | 4.9 |
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_V
|
10-10-2018 - 19:52 | 03-02-2010 - 18:30 | |
CVE-2009-3731 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1;
|
10-10-2018 - 19:47 | 16-12-2009 - 18:30 | |
CVE-2009-3027 | 10.0 |
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF)
|
10-10-2018 - 19:42 | 11-12-2009 - 16:30 | |
CVE-2009-2847 | 4.9 |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
|
10-10-2018 - 19:42 | 18-08-2009 - 21:00 | |
CVE-2009-2730 | 7.5 |
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
|
10-10-2018 - 19:42 | 12-08-2009 - 10:30 | |
CVE-2009-2813 | 6.0 |
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle error
|
10-10-2018 - 19:42 | 14-09-2009 - 16:30 | |
CVE-2009-2671 | 5.0 |
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2670 | 5.0 |
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2675 | 10.0 |
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2672 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2673 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2417 | 7.5 |
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
|
10-10-2018 - 19:40 | 14-08-2009 - 15:16 | |
CVE-2009-2267 | 6.9 |
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.
|
10-10-2018 - 19:39 | 02-11-2009 - 15:30 | |
CVE-2009-1439 | 7.8 |
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
|
10-10-2018 - 19:36 | 27-04-2009 - 18:00 | |
CVE-2009-1337 | 4.4 |
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
|
10-10-2018 - 19:36 | 22-04-2009 - 15:30 | |
CVE-2009-1336 | 4.9 |
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the en
|
10-10-2018 - 19:35 | 22-04-2009 - 15:30 | |
CVE-2009-1252 | 6.8 |
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing a
|
10-10-2018 - 19:35 | 19-05-2009 - 19:30 | |
CVE-2009-1104 | 5.8 |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other p
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1106 | 6.4 |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1107 | 4.3 |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent t
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1103 | 6.4 |
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access fil
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1102 | 6.4 |
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code gener
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1105 | 7.5 |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities
|
10-10-2018 - 19:34 | 25-03-2009 - 23:30 | |
CVE-2009-1098 | 9.3 |
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code v
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1100 | 5.0 |
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors relate
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1099 | 7.5 |
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1095 | 10.0 |
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pa
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1101 | 5.0 |
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) f
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1093 | 5.0 |
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initiali
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1094 | 10.0 |
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1097 | 9.3 |
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow durin
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-1096 | 10.0 |
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pac
|
10-10-2018 - 19:33 | 25-03-2009 - 23:30 | |
CVE-2009-0922 | 4.0 |
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
|
10-10-2018 - 19:32 | 17-03-2009 - 17:30 | |
CVE-2009-0847 | 4.3 |
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela
|
10-10-2018 - 19:32 | 09-04-2009 - 00:30 | |
CVE-2009-0745 | 4.9 |
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0675 | 2.1 |
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset t
|
10-10-2018 - 19:30 | 22-02-2009 - 22:30 | |
CVE-2009-0746 | 4.9 |
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a c
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0747 | 4.9 |
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of servic
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0696 | 4.3 |
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
|
10-10-2018 - 19:30 | 29-07-2009 - 17:30 | |
CVE-2009-0748 | 4.9 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0676 | 2.1 |
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt
|
10-10-2018 - 19:30 | 22-02-2009 - 22:30 | |
CVE-2011-1785 | 7.8 |
VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.
|
09-10-2018 - 19:32 | 03-05-2011 - 22:55 | |
CVE-2009-2404 | 9.3 |
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a d
|
03-10-2018 - 22:00 | 03-08-2009 - 14:30 | |
CVE-2005-4268 | 3.7 |
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
|
03-10-2018 - 21:34 | 15-12-2005 - 18:11 | |
CVE-2005-0448 | 1.2 |
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
|
03-10-2018 - 21:29 | 02-05-2005 - 04:00 | |
CVE-1999-0104 | 5.0 |
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
|
22-08-2018 - 10:29 | 16-12-1997 - 05:00 | |
CVE-2012-2686 | 5.0 |
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2013-0166 | 5.0 |
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2000-0005 | 7.2 |
HP-UX aserver program allows local users to gain privileges via a symlink attack.
|
03-05-2018 - 01:29 | 02-01-1999 - 05:00 | |
CVE-2001-0551 | 7.2 |
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
|
03-05-2018 - 01:29 | 22-05-2001 - 04:00 | |
CVE-2000-0078 | 7.2 |
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
|
03-05-2018 - 01:29 | 02-01-2000 - 05:00 | |
CVE-1999-0015 | 5.0 |
Teardrop IP denial of service.
|
03-05-2018 - 01:29 | 16-12-1997 - 05:00 | |
CVE-2000-0077 | 7.2 |
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
|
03-05-2018 - 01:29 | 02-01-2000 - 05:00 | |
CVE-2005-3295 | 2.1 |
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
|
03-05-2018 - 01:29 | 23-10-2005 - 21:02 | |
CVE-2003-0543 | 5.0 |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2012-4929 | 2.6 |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plain
|
22-04-2018 - 01:29 | 15-09-2012 - 18:55 | |
CVE-2007-6750 | 5.0 |
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
|
10-01-2018 - 02:29 | 27-12-2011 - 18:55 | |
CVE-2011-4858 | 5.0 |
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
|
09-01-2018 - 02:29 | 05-01-2012 - 19:55 | |
CVE-2011-4313 | 5.0 |
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
|
06-01-2018 - 02:29 | 29-11-2011 - 17:55 | |
CVE-2010-4452 | 10.0 |
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4470 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4463 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4468 | 4.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect c
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4472 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4467 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2010-4471 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect co
|
22-12-2017 - 02:29 | 17-02-2011 - 19:00 | |
CVE-2011-0873 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0786 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0869 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related t
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0868 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0817 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0788 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0872 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2011-0863 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability
|
22-12-2017 - 02:29 | 14-06-2011 - 18:55 | |
CVE-2001-1181 | 7.2 |
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
|
19-12-2017 - 02:29 | 16-07-2001 - 04:00 | |
CVE-2001-1124 | 5.0 |
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
|
19-12-2017 - 02:29 | 01-10-2001 - 04:00 | |
CVE-2001-1256 | 1.2 |
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
|
19-12-2017 - 02:29 | 11-06-2001 - 04:00 | |
CVE-2001-0772 | 4.6 |
Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.
|
19-12-2017 - 02:29 | 18-10-2001 - 04:00 | |
CVE-2008-0730 | 4.6 |
The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local
|
21-11-2017 - 15:42 | 12-02-2008 - 21:00 | |
CVE-2013-3744 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. P
|
18-11-2017 - 02:29 | 18-06-2013 - 22:55 | |
CVE-2009-0177 | 5.0 |
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0
|
19-10-2017 - 01:30 | 20-01-2009 - 16:00 | |
CVE-2006-5558 | 10.0 |
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the det
|
19-10-2017 - 01:29 | 27-10-2006 - 16:07 | |
CVE-2006-5557 | 4.6 |
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the de
|
19-10-2017 - 01:29 | 27-10-2006 - 16:07 | |
CVE-1999-1573 | 10.0 |
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
|
19-10-2017 - 01:29 | 28-12-1999 - 05:00 | |
CVE-2000-1126 | 10.0 |
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
|
19-10-2017 - 01:29 | 09-01-2001 - 05:00 | |
CVE-2001-0328 | 5.0 |
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected IS
|
19-10-2017 - 01:29 | 27-06-2001 - 04:00 | |
CVE-2001-0380 | 6.4 |
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
|
19-10-2017 - 01:29 | 18-06-2001 - 04:00 | |
CVE-2001-1564 | 2.1 |
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting availa
|
12-10-2017 - 01:29 | 31-12-2001 - 05:00 | |
CVE-2002-2138 | 5.0 |
RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.
|
12-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2007-1900 | 5.0 |
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
|
11-10-2017 - 01:32 | 10-04-2007 - 18:19 | |
CVE-2007-2813 | 7.8 |
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
|
11-10-2017 - 01:32 | 22-05-2007 - 19:30 | |
CVE-2007-1993 | 9.3 |
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure
|
11-10-2017 - 01:32 | 12-04-2007 - 10:19 | |
CVE-2007-1994 | 4.9 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether thi
|
11-10-2017 - 01:32 | 12-04-2007 - 10:19 | |
CVE-2006-3595 | 7.5 |
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
|
11-10-2017 - 01:31 | 18-07-2006 - 15:37 | |
CVE-2006-4188 | 5.0 |
Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
|
11-10-2017 - 01:31 | 17-08-2006 - 00:04 | |
CVE-2006-4950 | 10.0 |
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOC
|
11-10-2017 - 01:31 | 23-09-2006 - 10:07 | |
CVE-2007-0916 | 4.9 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
|
11-10-2017 - 01:31 | 14-02-2007 - 02:28 | |
CVE-2007-0481 | 7.8 |
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-0648 | 7.8 |
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
|
11-10-2017 - 01:31 | 01-02-2007 - 01:28 | |
CVE-2007-1257 | 10.0 |
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. Per: http://www.cisco.com/warp/public/707/c
|
11-10-2017 - 01:31 | 03-03-2007 - 20:19 | |
CVE-2007-0917 | 6.4 |
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
|
11-10-2017 - 01:31 | 14-02-2007 - 02:28 | |
CVE-2007-0479 | 7.8 |
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-0480 | 10.0 |
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
|
11-10-2017 - 01:31 | 25-01-2007 - 00:28 | |
CVE-2007-1258 | 6.1 |
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial
|
11-10-2017 - 01:31 | 03-03-2007 - 20:19 | |
CVE-2007-0396 | 7.1 |
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.
|
11-10-2017 - 01:31 | 19-01-2007 - 23:28 | |
CVE-2007-0199 | 5.0 |
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
|
11-10-2017 - 01:31 | 11-01-2007 - 11:28 | |
CVE-2005-4090 | 10.0 |
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
|
11-10-2017 - 01:30 | 08-12-2005 - 11:03 | |
CVE-2005-1020 | 7.1 |
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-0988 | 3.7 |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1057 | 7.5 |
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-1389 | 7.8 |
Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
11-10-2017 - 01:30 | 25-03-2006 - 00:06 | |
CVE-2005-2105 | 7.5 |
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
|
11-10-2017 - 01:30 | 05-07-2005 - 04:00 | |
CVE-2006-0486 | 4.6 |
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user d
|
11-10-2017 - 01:30 | 01-02-2006 - 02:02 | |
CVE-2006-0354 | 5.5 |
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number
|
11-10-2017 - 01:30 | 22-01-2006 - 20:03 | |
CVE-2005-3779 | 7.2 |
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
|
11-10-2017 - 01:30 | 23-11-2005 - 01:03 | |
CVE-2005-3396 | 7.5 |
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
|
11-10-2017 - 01:30 | 01-11-2005 - 12:47 | |
CVE-2006-1509 | 4.9 |
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, B.11.11, an
|
11-10-2017 - 01:30 | 30-03-2006 - 01:06 | |
CVE-2005-2451 | 2.1 |
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
|
11-10-2017 - 01:30 | 03-08-2005 - 04:00 | |
CVE-2005-3481 | 9.3 |
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasi
|
11-10-2017 - 01:30 | 03-11-2005 - 02:02 | |
CVE-2006-1248 | 4.6 |
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which migh
|
11-10-2017 - 01:30 | 17-03-2006 - 19:02 | |
CVE-2005-3670 | 7.8 |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remo
|
11-10-2017 - 01:30 | 18-11-2005 - 21:03 | |
CVE-2005-3564 | 7.2 |
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
|
11-10-2017 - 01:30 | 16-11-2005 - 07:42 | |
CVE-2005-1021 | 7.1 |
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1058 | 7.5 |
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass X
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-0436 | 7.2 |
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
|
11-10-2017 - 01:30 | 26-01-2006 - 11:07 | |
CVE-2005-3565 | 7.5 |
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
|
11-10-2017 - 01:30 | 16-11-2005 - 07:42 | |
CVE-2005-2841 | 7.5 |
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted u
|
11-10-2017 - 01:30 | 08-09-2005 - 10:03 | |
CVE-2006-0485 | 4.6 |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allo
|
11-10-2017 - 01:30 | 01-02-2006 - 02:02 | |
CVE-2005-1228 | 5.0 |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-3296 | 10.0 |
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
|
11-10-2017 - 01:30 | 23-10-2005 - 21:02 | |
CVE-2002-1358 | 10.0 |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-1357 | 10.0 |
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-2261 | 7.5 |
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
|
11-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-2262 | 5.0 |
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
|
11-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-0585 | 5.0 |
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
|
11-10-2017 - 01:29 | 18-06-2002 - 04:00 | |
CVE-2002-2270 | 3.6 |
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors.
|
11-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-1359 | 10.0 |
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-0279 | 4.6 |
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
|
11-10-2017 - 01:29 | 31-05-2002 - 04:00 | |
CVE-2001-1182 | 7.2 |
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
|
11-10-2017 - 01:29 | 17-07-2001 - 04:00 | |
CVE-2001-1509 | 4.6 |
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2001 - 05:00 | |
CVE-2002-1409 | 2.1 |
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
|
11-10-2017 - 01:29 | 11-04-2003 - 04:00 | |
CVE-2002-1360 | 10.0 |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code du
|
11-10-2017 - 01:29 | 23-12-2002 - 05:00 | |
CVE-2002-1618 | 7.2 |
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems.
|
11-10-2017 - 01:29 | 16-10-2002 - 04:00 | |
CVE-2002-1794 | 10.0 |
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.
|
11-10-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-0798 | 2.1 |
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
|
11-10-2017 - 01:29 | 12-08-2002 - 04:00 | |
CVE-2002-0577 | 2.1 |
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service.
|
11-10-2017 - 01:29 | 18-06-2002 - 04:00 | |
CVE-2001-1198 | 7.2 |
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
|
11-10-2017 - 01:29 | 15-12-2001 - 05:00 | |
CVE-2004-0952 | 6.4 |
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2003-1099 | 2.1 |
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2005-0196 | 5.0 |
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0186 | 5.0 |
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed p
|
11-10-2017 - 01:29 | 19-01-2005 - 05:00 | |
CVE-2004-1332 | 7.5 |
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0244 | 4.7 |
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, b
|
11-10-2017 - 01:29 | 23-11-2004 - 05:00 | |
CVE-2003-0511 | 5.0 |
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2005-0364 | 5.0 |
Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
|
11-10-2017 - 01:29 | 10-02-2005 - 05:00 | |
CVE-2005-0197 | 6.1 |
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-1328 | 7.2 |
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2003-1097 | 7.2 |
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2004-2665 | 4.9 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2003-1108 | 5.0 |
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-si
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-0951 | 7.5 |
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.
|
11-10-2017 - 01:29 | 15-12-2003 - 05:00 | |
CVE-2004-0965 | 7.2 |
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2003-0512 | 5.0 |
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessi
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2001-0809 | 2.1 |
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
|
11-10-2017 - 01:29 | 06-12-2001 - 05:00 | |
CVE-2003-1359 | 7.2 |
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2001-0607 | 4.6 |
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
|
11-10-2017 - 01:29 | 22-08-2001 - 04:00 | |
CVE-2004-1764 | 7.2 |
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
|
11-10-2017 - 01:29 | 14-01-2004 - 05:00 | |
CVE-2003-1461 | 7.2 |
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1098 | 7.2 |
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2005-0195 | 5.0 |
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0547 | 4.6 |
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
|
11-10-2017 - 01:29 | 24-02-2005 - 05:00 | |
CVE-2004-0054 | 7.5 |
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.22
|
11-10-2017 - 01:29 | 17-02-2004 - 05:00 | |
CVE-2004-1375 | 4.6 |
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
|
11-10-2017 - 01:29 | 23-12-2004 - 05:00 | |
CVE-2004-0710 | 5.0 |
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of ser
|
11-10-2017 - 01:29 | 27-07-2004 - 04:00 | |
CVE-2004-2693 | 7.2 |
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2003-1375 | 7.2 |
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1356 | 7.2 |
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2004-1111 | 5.0 |
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attacker
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2004-1029 | 9.3 |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load un
|
11-10-2017 - 01:29 | 01-03-2005 - 05:00 | |
CVE-2003-0089 | 7.2 |
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.
|
11-10-2017 - 01:29 | 15-12-2003 - 05:00 | |
CVE-2003-0305 | 5.0 |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
|
11-10-2017 - 01:29 | 09-06-2003 - 04:00 | |
CVE-2009-2135 | 4.9 |
Multiple race conditions in the Solaris Event Port API in Sun Solaris 10 and OpenSolaris before snv_107 allow local users to cause a denial of service (panic) via unspecified vectors related to a race between the port_dissociate and close functions.
|
29-09-2017 - 01:34 | 19-06-2009 - 19:30 | |
CVE-2009-2029 | 5.0 |
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
|
29-09-2017 - 01:34 | 11-06-2009 - 15:30 | |
CVE-2009-1673 | 4.9 |
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
|
29-09-2017 - 01:34 | 18-05-2009 - 18:30 | |
CVE-2009-1207 | 4.4 |
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
|
29-09-2017 - 01:34 | 01-04-2009 - 10:30 | |
CVE-2009-0923 | 7.8 |
Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vector
|
29-09-2017 - 01:34 | 17-03-2009 - 19:30 | |
CVE-2009-0908 | 6.4 |
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
|
29-09-2017 - 01:34 | 06-04-2009 - 15:30 | |
CVE-2009-1427 | 4.9 |
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
|
29-09-2017 - 01:34 | 12-08-2009 - 10:30 | |
CVE-2009-0910 | 6.8 |
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows re
|
29-09-2017 - 01:34 | 06-04-2009 - 15:30 | |
CVE-2009-0913 | 4.7 |
Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to settin
|
29-09-2017 - 01:34 | 16-03-2009 - 17:30 | |
CVE-2009-0909 | 9.3 |
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows re
|
29-09-2017 - 01:34 | 06-04-2009 - 15:30 | |
CVE-2009-0798 | 5.0 |
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
|
29-09-2017 - 01:34 | 24-04-2009 - 15:30 | |
CVE-2009-0692 | 10.0 |
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet
|
29-09-2017 - 01:33 | 14-07-2009 - 20:30 | |
CVE-2009-0207 | 6.8 |
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local
|
29-09-2017 - 01:33 | 25-03-2009 - 01:30 | |
CVE-2009-0418 | 9.3 |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read p
|
29-09-2017 - 01:33 | 04-02-2009 - 19:30 | |
CVE-2009-0688 | 7.5 |
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
|
29-09-2017 - 01:33 | 15-05-2009 - 15:30 | |
CVE-2009-0346 | 4.9 |
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IP
|
29-09-2017 - 01:33 | 29-01-2009 - 19:30 | |
CVE-2009-0480 | 4.9 |
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by
|
29-09-2017 - 01:33 | 09-02-2009 - 16:30 | |
CVE-2009-0268 | 4.9 |
Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in
|
29-09-2017 - 01:33 | 26-01-2009 - 15:30 | |
CVE-2009-0267 | 5.0 |
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-
|
29-09-2017 - 01:33 | 26-01-2009 - 15:30 | |
CVE-2009-0168 | 4.9 |
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporar
|
29-09-2017 - 01:33 | 16-01-2009 - 21:30 | |
CVE-2009-0319 | 6.9 |
Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr pr
|
29-09-2017 - 01:33 | 28-01-2009 - 18:30 | |
CVE-2009-0719 | 6.0 |
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
|
29-09-2017 - 01:33 | 29-04-2009 - 15:30 | |
CVE-2009-0518 | 2.1 |
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
|
29-09-2017 - 01:33 | 06-04-2009 - 15:30 | |
CVE-2009-0167 | 4.7 |
Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability."
|
29-09-2017 - 01:33 | 16-01-2009 - 21:30 | |
CVE-2008-5341 | 5.0 |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4131 | 7.2 |
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit pro
|
29-09-2017 - 01:32 | 19-09-2008 - 17:15 | |
CVE-2008-5010 | 10.0 |
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka
|
29-09-2017 - 01:32 | 10-11-2008 - 15:23 | |
CVE-2008-4210 | 4.6 |
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec
|
29-09-2017 - 01:32 | 29-09-2008 - 17:17 | |
CVE-2008-5339 | 5.0 |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connecti
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5684 | 5.0 |
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port sca
|
29-09-2017 - 01:32 | 19-12-2008 - 17:30 | |
CVE-2008-5352 | 9.3 |
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and a
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5350 | 5.0 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5344 | 7.5 |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make una
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4916 | 4.6 |
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build
|
29-09-2017 - 01:32 | 06-04-2009 - 15:30 | |
CVE-2008-5356 | 9.3 |
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5410 | 7.8 |
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via
|
29-09-2017 - 01:32 | 10-12-2008 - 00:30 | |
CVE-2008-5343 | 9.0 |
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5358 | 9.3 |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashsc
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5354 | 9.3 |
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applicat
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5347 | 7.5 |
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JA
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4416 | 4.6 |
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
|
29-09-2017 - 01:32 | 05-12-2008 - 00:30 | |
CVE-2008-5690 | 2.1 |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permis
|
29-09-2017 - 01:32 | 19-12-2008 - 17:30 | |
CVE-2008-5355 | 10.0 |
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which a
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4226 | 10.0 |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
|
29-09-2017 - 01:32 | 25-11-2008 - 23:30 | |
CVE-2008-4914 | 4.7 |
Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
|
29-09-2017 - 01:32 | 03-02-2009 - 19:30 | |
CVE-2008-5351 | 7.5 |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to b
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4225 | 7.8 |
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
|
29-09-2017 - 01:32 | 25-11-2008 - 23:30 | |
CVE-2008-5340 | 10.0 |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to acces
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-5348 | 7.1 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4160 | 4.7 |
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) i
|
29-09-2017 - 01:32 | 22-09-2008 - 18:52 | |
CVE-2008-5342 | 5.0 |
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications
|
29-09-2017 - 01:32 | 05-12-2008 - 11:30 | |
CVE-2008-4018 | 7.2 |
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be lev
|
29-09-2017 - 01:31 | 11-09-2008 - 01:13 | |
CVE-2008-3815 | 4.3 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Mi
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-3810 | 7.8 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than C
|
29-09-2017 - 01:31 | 26-09-2008 - 16:21 | |
CVE-2008-3875 | 7.2 |
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors inv
|
29-09-2017 - 01:31 | 02-09-2008 - 14:24 | |
CVE-2008-3816 | 7.8 |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-3811 | 7.8 |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnera
|
29-09-2017 - 01:31 | 26-09-2008 - 16:21 | |
CVE-2008-3817 | 7.8 |
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,
|
29-09-2017 - 01:31 | 23-10-2008 - 22:00 | |
CVE-2008-3716 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. Download Harmoni 1.6.0 at Sourceforge:
http://sou
|
29-09-2017 - 01:31 | 19-08-2008 - 19:41 | |
CVE-2008-2929 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Dir
|
29-09-2017 - 01:31 | 29-08-2008 - 18:41 | |
CVE-2008-2928 | 10.0 |
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP
|
29-09-2017 - 01:31 | 29-08-2008 - 18:41 | |
CVE-2008-2930 | 7.1 |
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to
|
29-09-2017 - 01:31 | 29-08-2008 - 18:41 | |
CVE-2008-2089 | 7.8 |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
|
29-09-2017 - 01:31 | 06-05-2008 - 15:20 | |
CVE-2008-2090 | 7.8 |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
|
29-09-2017 - 01:31 | 06-05-2008 - 15:20 | |
CVE-2008-3549 | 4.7 |
Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors.
|
29-09-2017 - 01:31 | 07-08-2008 - 21:41 | |
CVE-2008-2706 | 4.9 |
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
|
29-09-2017 - 01:31 | 16-06-2008 - 18:41 | |
CVE-2008-3283 | 7.8 |
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authent
|
29-09-2017 - 01:31 | 29-08-2008 - 18:41 | |
CVE-2008-2476 | 9.3 |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origi
|
29-09-2017 - 01:31 | 03-10-2008 - 15:07 | |
CVE-2008-2418 | 4.7 |
Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
|
29-09-2017 - 01:31 | 23-05-2008 - 15:32 | |
CVE-2008-2514 | 4.6 |
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
|
29-09-2017 - 01:31 | 02-06-2008 - 21:30 | |
CVE-2008-2515 | 7.2 |
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
|
29-09-2017 - 01:31 | 02-06-2008 - 21:30 | |
CVE-2008-2538 | 6.9 |
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
|
29-09-2017 - 01:31 | 03-06-2008 - 15:32 | |
CVE-2008-2513 | 7.2 |
Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
|
29-09-2017 - 01:31 | 02-06-2008 - 21:30 | |
CVE-2007-6589 | 4.3 |
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (X
|
29-09-2017 - 01:30 | 28-12-2007 - 21:46 | |
CVE-2007-6717 | 7.2 |
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
|
29-09-2017 - 01:30 | 11-09-2008 - 01:04 | |
CVE-2008-1659 | 7.2 |
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
|
29-09-2017 - 01:30 | 08-05-2008 - 00:20 | |
CVE-2008-1600 | 7.2 |
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1593 | 7.2 |
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1684 | 4.7 |
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
|
29-09-2017 - 01:30 | 06-04-2008 - 23:44 | |
CVE-2008-1664 | 7.8 |
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
|
29-09-2017 - 01:30 | 08-08-2008 - 19:41 | |
CVE-2008-1595 | 4.9 |
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1668 | 10.0 |
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remot
|
29-09-2017 - 01:30 | 13-08-2008 - 18:41 | |
CVE-2008-1599 | 7.2 |
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1601 | 7.2 |
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1779 | 6.8 |
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.
|
29-09-2017 - 01:30 | 14-04-2008 - 16:05 | |
CVE-2008-1662 | 10.0 |
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
|
29-09-2017 - 01:30 | 01-08-2008 - 14:41 | |
CVE-2008-1594 | 4.9 |
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lred
|
29-09-2017 - 01:30 | 31-03-2008 - 23:44 | |
CVE-2008-1660 | 6.3 |
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
|
29-09-2017 - 01:30 | 21-05-2008 - 13:24 | |
CVE-2008-0587 | 7.2 |
Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
|
29-09-2017 - 01:30 | 05-02-2008 - 03:00 | |
CVE-2008-0588 | 7.2 |
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
|
29-09-2017 - 01:30 | 05-02-2008 - 03:00 | |
CVE-2008-1151 | 7.1 |
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated afte
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-0598 | 4.9 |
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
|
29-09-2017 - 01:30 | 30-06-2008 - 22:41 | |
CVE-2008-1156 | 5.1 |
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree
|
29-09-2017 - 01:30 | 27-03-2008 - 10:44 | |
CVE-2008-0509 | 4.4 |
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
|
29-09-2017 - 01:30 | 31-01-2008 - 20:00 | |
CVE-2008-1152 | 7.8 |
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-1153 | 7.1 |
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
|
29-09-2017 - 01:30 | 27-03-2008 - 10:44 | |
CVE-2008-1159 | 7.1 |
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
|
29-09-2017 - 01:30 | 22-05-2008 - 13:09 | |
CVE-2008-1150 | 7.1 |
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) dat
|
29-09-2017 - 01:30 | 27-03-2008 - 17:44 | |
CVE-2008-1274 | 6.9 |
Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
29-09-2017 - 01:30 | 10-03-2008 - 23:44 | |
CVE-2008-0713 | 6.8 |
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
|
29-09-2017 - 01:30 | 13-05-2008 - 20:20 | |
CVE-2008-0242 | 7.2 |
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
|
29-09-2017 - 01:30 | 12-01-2008 - 02:46 | |
CVE-2008-0586 | 7.2 |
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd
|
29-09-2017 - 01:30 | 05-02-2008 - 03:00 | |
CVE-2008-0938 | 4.7 |
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability th
|
29-09-2017 - 01:30 | 25-02-2008 - 18:44 | |
CVE-2008-0584 | 7.2 |
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.
|
29-09-2017 - 01:30 | 05-02-2008 - 03:00 | |
CVE-2008-1115 | 4.9 |
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
|
29-09-2017 - 01:30 | 03-03-2008 - 18:44 | |
CVE-2008-0718 | 4.7 |
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
|
29-09-2017 - 01:30 | 12-02-2008 - 02:00 | |
CVE-2008-0933 | 4.7 |
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
|
29-09-2017 - 01:30 | 25-02-2008 - 18:44 | |
CVE-2007-5651 | 7.1 |
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and
|
29-09-2017 - 01:29 | 23-10-2007 - 21:47 | |
CVE-2007-5716 | 7.8 |
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.
|
29-09-2017 - 01:29 | 30-10-2007 - 21:46 | |
CVE-2007-6419 | 7.8 |
Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
|
29-09-2017 - 01:29 | 24-12-2007 - 20:46 | |
CVE-2007-6505 | 3.5 |
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it
|
29-09-2017 - 01:29 | 20-12-2007 - 23:46 | |
CVE-2007-5764 | 7.2 |
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
|
29-09-2017 - 01:29 | 25-01-2008 - 01:00 | |
CVE-2007-5302 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecif
|
29-09-2017 - 01:29 | 09-10-2007 - 18:17 | |
CVE-2007-5946 | 7.2 |
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
|
29-09-2017 - 01:29 | 14-11-2007 - 01:46 | |
CVE-2007-5008 | 9.0 |
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
|
29-09-2017 - 01:29 | 20-09-2007 - 21:17 | |
CVE-2007-4623 | 7.2 |
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
|
29-09-2017 - 01:29 | 05-11-2007 - 16:46 | |
CVE-2007-6063 | 6.9 |
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
|
29-09-2017 - 01:29 | 21-11-2007 - 00:46 | |
CVE-2007-5237 | 7.1 |
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulne
|
29-09-2017 - 01:29 | 06-10-2007 - 00:17 | |
CVE-2007-4285 | 9.0 |
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4294 | 6.8 |
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4293 | 7.1 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4179 | 1.5 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from C
|
29-09-2017 - 01:29 | 08-08-2007 - 01:17 | |
CVE-2007-4263 | 8.5 |
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
|
29-09-2017 - 01:29 | 08-08-2007 - 23:17 | |
CVE-2007-4125 | 7.1 |
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.
|
29-09-2017 - 01:29 | 01-08-2007 - 16:17 | |
CVE-2007-4295 | 6.8 |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4291 | 7.1 |
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4513 | 7.2 |
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
|
29-09-2017 - 01:29 | 05-11-2007 - 16:46 | |
CVE-2007-4292 | 9.3 |
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, an
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2013-5864 | 4.9 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.
|
19-09-2017 - 01:36 | 16-10-2013 - 18:55 | |
CVE-2013-5419 | 6.9 |
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
|
19-09-2017 - 01:36 | 04-10-2013 - 10:44 | |
CVE-2013-5862 | 4.9 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.
|
19-09-2017 - 01:36 | 16-10-2013 - 18:55 | |
CVE-2013-5839 | 4.3 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.
|
19-09-2017 - 01:36 | 16-10-2013 - 17:55 | |
CVE-2013-3787 | 4.3 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-3813 | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-3035 | 7.1 |
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
|
19-09-2017 - 01:36 | 21-06-2013 - 14:55 | |
CVE-2013-2449 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous inform
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-3786 | 6.0 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-2400 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744. P
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2462 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Per: http://
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2434 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-3842 | 2.1 |
Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-2460 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-3745 | 2.1 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-2458 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the p
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-3837 | 4.3 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-3799 | 4.9 |
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel. Per: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
'CVE-201
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-4011 | 7.2 |
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
|
19-09-2017 - 01:36 | 18-07-2013 - 16:51 | |
CVE-2013-3757 | 6.4 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.
|
19-09-2017 - 01:36 | 17-07-2013 - 13:41 | |
CVE-2013-3005 | 8.5 |
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
|
19-09-2017 - 01:36 | 06-07-2013 - 13:57 | |
CVE-2013-1496 | 4.9 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
|
19-09-2017 - 01:36 | 17-04-2013 - 12:14 | |
CVE-2013-1489 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
|
19-09-2017 - 01:36 | 31-01-2013 - 14:55 | |
CVE-2013-1530 | 3.8 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
|
19-09-2017 - 01:36 | 17-04-2013 - 12:19 | |
CVE-2013-1484 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
|
19-09-2017 - 01:36 | 20-02-2013 - 21:55 | |
CVE-2013-1667 | 7.5 |
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
|
19-09-2017 - 01:36 | 14-03-2013 - 03:13 | |
CVE-2013-1494 | 4.7 |
Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.
|
19-09-2017 - 01:36 | 17-04-2013 - 12:14 | |
CVE-2013-1498 | 4.9 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.
|
19-09-2017 - 01:36 | 17-04-2013 - 12:14 | |
CVE-2013-1507 | 4.9 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.
|
19-09-2017 - 01:36 | 17-04-2013 - 12:14 | |
CVE-2013-1485 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Per vendor Note 1 "Applies to client deployment
|
19-09-2017 - 01:36 | 20-02-2013 - 21:55 | |
CVE-2013-1491 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as d
|
19-09-2017 - 01:36 | 08-03-2013 - 18:55 | |
CVE-2012-5885 | 5.0 |
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
|
19-09-2017 - 01:35 | 17-11-2012 - 19:55 | |
CVE-2012-5166 | 7.8 |
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
|
19-09-2017 - 01:35 | 10-10-2012 - 21:55 | |
CVE-2012-4431 | 4.3 |
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
|
19-09-2017 - 01:35 | 19-12-2012 - 11:55 | |
CVE-2012-4534 | 2.6 |
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by termi
|
19-09-2017 - 01:35 | 19-12-2012 - 11:55 | |
CVE-2012-3546 | 4.3 |
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then
|
19-09-2017 - 01:35 | 19-12-2012 - 11:55 | |
CVE-2013-0405 | 6.4 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0404 | 3.7 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0406 | 4.3 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0444 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0413 | 4.4 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0437 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0449 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0403 | 1.9 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0398 | 5.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).
|
19-09-2017 - 01:35 | 17-07-2013 - 13:41 | |
CVE-2013-0415 | 6.0 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2013-0401 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demo
|
19-09-2017 - 01:35 | 08-03-2013 - 18:55 | |
CVE-2013-0408 | 5.0 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0412 | 3.6 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0411 | 5.9 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.
|
19-09-2017 - 01:35 | 17-04-2013 - 12:14 | |
CVE-2013-0399 | 6.6 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2013-0400 | 6.6 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2013-0407 | 4.6 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2011-4159 | 6.8 |
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
|
19-09-2017 - 01:34 | 19-11-2011 - 03:58 | |
CVE-2011-3597 | 7.5 |
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
|
19-09-2017 - 01:34 | 13-01-2012 - 18:55 | |
CVE-2012-1699 | 3.6 |
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of se
|
19-09-2017 - 01:34 | 21-12-2012 - 05:46 | |
CVE-2012-2746 | 2.1 |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
|
19-09-2017 - 01:34 | 03-07-2012 - 16:40 | |
CVE-2012-2678 | 1.2 |
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#use
|
19-09-2017 - 01:34 | 03-07-2012 - 16:40 | |
CVE-2012-2733 | 5.0 |
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of servic
|
19-09-2017 - 01:34 | 16-11-2012 - 21:55 | |
CVE-2012-0570 | 2.1 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
|
19-09-2017 - 01:34 | 17-04-2013 - 12:14 | |
CVE-2012-0568 | 2.1 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.
|
19-09-2017 - 01:34 | 17-04-2013 - 12:14 | |
CVE-2012-0569 | 3.3 |
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
|
19-09-2017 - 01:34 | 17-01-2013 - 01:55 | |
CVE-2012-0131 | 10.0 |
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:34 | 05-04-2012 - 13:55 | |
CVE-2011-3164 | 6.8 |
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors. Per: http://h20565.www2.
|
19-09-2017 - 01:33 | 04-11-2011 - 21:55 | |
CVE-2011-2398 | 6.8 |
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
|
19-09-2017 - 01:33 | 11-07-2011 - 20:55 | |
CVE-2011-0547 | 10.0 |
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster
|
19-09-2017 - 01:32 | 19-08-2011 - 21:55 | |
CVE-2010-3563 | 10.0 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4422 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
|
19-09-2017 - 01:31 | 17-02-2011 - 19:00 | |
CVE-2010-4108 | 6.8 |
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.
|
19-09-2017 - 01:31 | 08-12-2010 - 18:00 | |
CVE-2010-3570 | 7.6 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-5107 | 5.0 |
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
|
19-09-2017 - 01:31 | 07-03-2013 - 20:55 | |
CVE-2010-3555 | 9.3 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3564 | 6.4 |
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webma
|
19-09-2017 - 01:31 | 14-10-2010 - 18:00 | |
CVE-2010-3558 | 10.0 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3560 | 2.6 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3552 | 10.0 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3406 | 1.7 |
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
|
19-09-2017 - 01:31 | 16-09-2010 - 21:00 | |
CVE-2010-2712 | 6.8 |
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
|
19-09-2017 - 01:31 | 30-08-2010 - 21:00 | |
CVE-2010-1141 | 8.5 |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; V
|
19-09-2017 - 01:30 | 12-04-2010 - 18:30 | |
CVE-2010-1447 | 8.5 |
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows
|
19-09-2017 - 01:30 | 19-05-2010 - 18:30 | |
CVE-2010-1137 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a vi
|
19-09-2017 - 01:30 | 01-04-2010 - 19:30 | |
CVE-2010-1168 | 7.5 |
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
|
19-09-2017 - 01:30 | 21-06-2010 - 16:30 | |
CVE-2010-0826 | 1.9 |
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-0382 | 7.6 |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to ha
|
19-09-2017 - 01:30 | 22-01-2010 - 22:00 | |
CVE-2010-0097 | 4.3 |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
|
19-09-2017 - 01:30 | 22-01-2010 - 22:00 | |
CVE-2010-1030 | 4.4 |
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
|
19-09-2017 - 01:30 | 31-03-2010 - 18:00 | |
CVE-2010-0890 | 2.1 |
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_01 through snv_98 allows local users to affect availability via unknown vectors related to the Kernel.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-1032 | 4.9 |
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.
|
19-09-2017 - 01:30 | 21-04-2010 - 14:30 | |
CVE-2010-0961 | 7.2 |
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
|
19-09-2017 - 01:30 | 10-03-2010 - 22:30 | |
CVE-2010-0882 | 7.2 |
Unspecified vulnerability in the Solaris component in Oracle Sun Product Suite 10 and OpenSolaris snv_134 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Trusted Extensions.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-0742 | 7.5 |
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid
|
19-09-2017 - 01:30 | 03-06-2010 - 14:30 | |
CVE-2010-0891 | 5.8 |
Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.
|
19-09-2017 - 01:30 | 13-04-2010 - 22:30 | |
CVE-2010-0310 | 6.8 |
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
|
19-09-2017 - 01:30 | 14-01-2010 - 19:30 | |
CVE-2010-0451 | 4.0 |
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
|
19-09-2017 - 01:30 | 29-03-2010 - 22:30 | |
CVE-2009-4565 | 7.5 |
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a
|
19-09-2017 - 01:29 | 04-01-2010 - 21:30 | |
CVE-2009-4022 | 2.6 |
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS c
|
19-09-2017 - 01:29 | 25-11-2009 - 16:30 | |
CVE-2009-4184 | 6.2 |
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
|
19-09-2017 - 01:29 | 03-02-2010 - 18:30 | |
CVE-2009-3839 | 6.8 |
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
|
19-09-2017 - 01:29 | 02-11-2009 - 15:30 | |
CVE-2009-4355 | 5.0 |
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
|
19-09-2017 - 01:29 | 14-01-2010 - 19:30 | |
CVE-2009-3517 | 10.0 |
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
|
19-09-2017 - 01:29 | 01-10-2009 - 15:30 | |
CVE-2009-2952 | 4.9 |
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
|
19-09-2017 - 01:29 | 24-08-2009 - 15:30 | |
CVE-2009-3746 | 1.9 |
XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability t
|
19-09-2017 - 01:29 | 22-10-2009 - 16:30 | |
CVE-2009-2912 | 4.9 |
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
|
19-09-2017 - 01:29 | 21-08-2009 - 11:02 | |
CVE-2009-2682 | 7.2 |
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
|
19-09-2017 - 01:29 | 24-09-2009 - 18:30 | |
CVE-2009-3797 | 9.3 |
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
19-09-2017 - 01:29 | 10-12-2009 - 19:30 | |
CVE-2009-3516 | 7.2 |
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
|
19-09-2017 - 01:29 | 01-10-2009 - 15:30 | |
CVE-2009-2277 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
|
19-09-2017 - 01:29 | 01-04-2010 - 19:30 | |
CVE-2009-2905 | 4.6 |
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
|
19-09-2017 - 01:29 | 29-09-2009 - 19:30 | |
CVE-2009-2644 | 4.9 |
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds
|
19-09-2017 - 01:29 | 29-07-2009 - 17:30 | |
CVE-2009-3245 | 10.0 |
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent at
|
19-09-2017 - 01:29 | 05-03-2010 - 19:30 | |
CVE-2009-2711 | 4.9 |
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed
|
19-09-2017 - 01:29 | 07-08-2009 - 19:00 | |
CVE-2009-3899 | 7.8 |
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
19-09-2017 - 01:29 | 06-11-2009 - 15:30 | |
CVE-2009-2972 | 7.8 |
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
|
19-09-2017 - 01:29 | 27-08-2009 - 17:30 | |
CVE-2009-2486 | 7.8 |
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.
|
19-09-2017 - 01:29 | 16-07-2009 - 16:30 | |
CVE-2009-3851 | 7.2 |
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended
|
19-09-2017 - 01:29 | 03-11-2009 - 16:30 | |
CVE-2009-2679 | 7.8 |
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
|
19-09-2017 - 01:29 | 05-10-2009 - 18:30 | |
CVE-2009-2487 | 7.8 |
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
|
19-09-2017 - 01:29 | 16-07-2009 - 16:30 | |
CVE-1999-0621 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration En
|
01-08-2008 - 04:00 | 01-01-1999 - 05:00 |