Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4789 | 1 Cisco | 2 Content Switching Module With Ssl, Content Switching Modules | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876. | |||||
| CVE-2009-3746 | 1 Sun | 1 Solaris | 2025-04-09 | 1.9 LOW | N/A |
| XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711. | |||||
| CVE-2009-4419 | 1 Intel | 5 Gm45 Chipset, Pm45 Express Chipset, Q35 Chipset and 2 more | 2025-04-09 | 7.2 HIGH | N/A |
| Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded. | |||||
| CVE-2008-1156 | 1 Cisco | 2 Cisco Ios, Ios | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | |||||
| CVE-2007-6676 | 1 Uber Uploader | 1 Uber Uploader | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded." | |||||
| CVE-2009-2049 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-09 | 5.4 MEDIUM | N/A |
| Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. | |||||
| CVE-2006-6899 | 1 Bluez Project | 1 Bluez | 2025-04-09 | 5.4 MEDIUM | N/A |
| hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. | |||||
| CVE-2008-6638 | 1 Versalsoft | 1 Http File Upload Activex Control | 2025-04-09 | 8.8 HIGH | N/A |
| Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote attackers to delete arbitrary files via the RemoveFileOrDir method. | |||||
| CVE-2007-4749 | 1 Autodesk | 1 Backburner | 2025-04-09 | 6.8 MEDIUM | N/A |
| The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | |||||
| CVE-2009-1211 | 1 Bluecoat | 19 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 16 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | |||||
| CVE-2009-1295 | 2 Apport, Ubuntu | 2 Apport, Ubuntu | 2025-04-09 | 1.9 LOW | N/A |
| Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-0128 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
| CVE-2008-2154 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.0 MEDIUM | N/A |
| IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
| CVE-2009-1312 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | |||||
| CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2025-04-09 | 7.2 HIGH | N/A |
| The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | |||||
| CVE-2007-3380 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service. | |||||
| CVE-2008-2366 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2025-04-09 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | |||||
| CVE-2007-1184 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | |||||
| CVE-2009-0432 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-4071 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
| Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||