Total
93712 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
CVE-2009-5004 | 1 Apache | 1 Qpid-cpp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use. | |||||
CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
pixelpost 1.7.1 has XSS | |||||
CVE-2009-4267 | 1 Apache | 1 Juddi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | |||||
CVE-2009-4067 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. | |||||
CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | |||||
CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | |||||
CVE-2009-0035 | 1 Alsa-project | 1 Alsa | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
alsa-utils 1.0.19 and later versions allow local users to overwrite arbitrary files through a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | |||||
CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The tubepress plugin before 1.6.5 for WordPress has XSS. | |||||
CVE-2008-7320 | 1 Gnome | 1 Seahorse | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision. | |||||
CVE-2008-5083 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. | |||||
CVE-2008-3280 | 1 Openid | 1 Openid | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | |||||
CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Mounting the /proc filesystem via the chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files they would never otherwise have. | |||||
CVE-2008-10004 | 1 Email Registration Project | 1 Email Registration | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | |||||
CVE-2008-10003 | 1 Flashgames Project | 1 Flashgames | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | |||||
CVE-2008-10001 | 1 Pro2col | 1 Stingray Fts | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | |||||
CVE-2007-4774 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process. | |||||
CVE-2007-3732 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | |||||
CVE-2007-10003 | 1 Wp-plugins | 1 The Hackers Diet | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. |