Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2024-02-04 | 6.4 MEDIUM | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
| CVE-2008-4399 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." | |||||
| CVE-2009-0008 | 2 Apple, Microsoft | 3 Quicktime Mpeg-2 Playback Component, Windows Vista, Windows Xp | 2024-02-04 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. | |||||
| CVE-2009-0234 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2024-02-04 | 6.4 MEDIUM | N/A |
| The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." | |||||
| CVE-2008-3934 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 3.3 LOW | N/A |
| Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||||
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2024-02-04 | 10.0 HIGH | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2024-02-04 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2009-2533 | 1 Realnetworks | 2 Helix Server, Helix Server Mobile | 2024-02-04 | 5.0 MEDIUM | N/A |
| rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. | |||||
| CVE-2009-2998 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. | |||||
| CVE-2009-0682 | 1 Ca | 1 Internet Security Suite | 2024-02-04 | 2.1 LOW | N/A |
| vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. | |||||
| CVE-2009-0519 | 1 Adobe | 4 Air, Flash Player, Flash Player For Linux and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. | |||||
| CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | |||||
| CVE-2009-0022 | 1 Samba | 1 Samba | 2024-02-04 | 6.3 MEDIUM | N/A |
| Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. | |||||
| CVE-2008-5528 | 2 Aladdin, Microsoft | 2 Esafe, Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-3790 | 1 Ruby-lang | 1 Ruby | 2024-02-04 | 5.0 MEDIUM | N/A |
| The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." | |||||
| CVE-2008-5705 | 1 Verlihub-project | 1 Verlihub | 2024-02-04 | 9.3 HIGH | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument. | |||||
| CVE-2009-2655 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2024-02-04 | 4.3 MEDIUM | N/A |
| mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. | |||||
| CVE-2009-1668 | 1 Typsoft | 1 Typsoft Ftp Server | 2024-02-04 | 4.0 MEDIUM | N/A |
| TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer. | |||||
| CVE-2008-1028 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||