Total: 10016 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1300 | 1 Debian | 1 Advanced Package Tool | 2024-02-04 | 10.0 HIGH | N/A |
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. | |||||
CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2024-02-04 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | |||||
CVE-2009-2918 | 1 Thegreenbow | 1 Thegreenbow Vpn Client | 2024-02-04 | 2.1 LOW | N/A |
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0. | |||||
CVE-2008-3410 | 1 Epic Games | 1 Unreal Tournament 3 | 2024-02-04 | 5.0 MEDIUM | N/A |
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c. | |||||
CVE-2009-2954 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
CVE-2003-1569 | 2 Goahead, Microsoft | 4 Goahead Webserver, Windows 95, Windows 98 and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | |||||
CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2024-02-04 | 9.0 HIGH | N/A |
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
CVE-2008-6814 | 2 Jan De Graaff, Mambo | 2 Com Simpleboard, Mambo | 2024-02-04 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | |||||
CVE-2008-3810 | 1 Cisco | 1 Ios | 2024-02-04 | 7.8 HIGH | N/A |
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. | |||||
CVE-2008-2809 | 2 Mozilla, Netscape | 4 Firefox, Geckb, Seamonkey and 1 more | 2024-02-04 | 4.0 MEDIUM | N/A |
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
CVE-2009-1783 | 1 F-prot | 3 F-prot Antivirus, F-prot Aves, F-prot Milter | 2024-02-04 | 10.0 HIGH | N/A |
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||||
CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2024-02-04 | 9.3 HIGH | N/A |
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | |||||
CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | |||||
CVE-2009-1082 | 1 Sun | 1 Java System Identity Manager | 2024-02-04 | 9.0 HIGH | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. | |||||
CVE-2008-1942 | 1 Foxit Software | 1 Reader | 2024-02-04 | 6.8 MEDIUM | N/A |
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186. | |||||
CVE-2008-3287 | 1 Emc Dantz | 1 Retrospect Backup Client | 2024-02-04 | 5.0 MEDIUM | N/A |
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | |||||
CVE-2008-3578 | 1 Hydrairc | 1 Hydrairc | 2024-02-04 | 5.0 MEDIUM | N/A |
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI. | |||||
CVE-2009-2055 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 4.3 MEDIUM | N/A |
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009. | |||||
CVE-2008-1157 | 1 Cisco | 1 Ciscoworks Internetwork Performance Monitor | 2024-02-04 | 10.0 HIGH | N/A |
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2008-2055 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix Security Appliance | 2024-02-04 | 7.8 HIGH | N/A |
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allow remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. | |||||