Total
9782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0164 | 1 Apple | 1 Cups | 2023-12-10 | 6.4 MEDIUM | N/A |
| The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. | |||||
| CVE-2008-2574 | 1 Flashblog | 1 Flashblog | 2023-12-10 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/. | |||||
| CVE-2009-0813 | 1 Imera | 1 Teamlinks | 2023-12-10 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters. | |||||
| CVE-2008-0892 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2023-12-10 | 9.0 HIGH | N/A |
| The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. | |||||
| CVE-2008-3286 | 1 Sierra | 1 Swat 4 | 2023-12-10 | 5.0 MEDIUM | N/A |
| SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string. | |||||
| CVE-2008-1693 | 1 Poppler | 1 Poppler | 2023-12-10 | 6.8 MEDIUM | N/A |
| The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | |||||
| CVE-2008-6185 | 1 Noticeware | 1 Noticeware Email Server Ng | 2023-12-10 | 5.0 MEDIUM | N/A |
| NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||||
| CVE-2008-4907 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.3 MEDIUM | N/A |
| The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | |||||
| CVE-2008-3906 | 2 Mono, Mono Project | 2 Mono, Mono | 2023-12-10 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. | |||||
| CVE-2008-2170 | 1 Century Software | 1 Router | 2023-12-10 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-5522 | 2 Avg, Microsoft | 2 Antivirus, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
| AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-4318 | 1 Project-observer | 1 Observer | 2023-12-10 | 10.0 HIGH | N/A |
| Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | |||||
| CVE-2008-1740 | 1 Cisco | 1 Unified Presence | 2023-12-10 | 7.8 HIGH | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. | |||||
| CVE-2008-4444 | 1 Cisco | 2 Unified Ip Phone 7940g, Unified Ip Phone 7960g | 2023-12-10 | 7.1 HIGH | N/A |
| Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. | |||||
| CVE-2008-7136 | 1 Icq | 1 Icq Toolbar | 2023-12-10 | 4.3 MEDIUM | N/A |
| toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | |||||
| CVE-2008-4050 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2023-12-10 | 9.3 HIGH | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | |||||
| CVE-2009-1242 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 4.9 MEDIUM | N/A |
| The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. | |||||
| CVE-2008-1648 | 1 Sympa | 1 Sympa | 2023-12-10 | 5.0 MEDIUM | N/A |
| Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2421 | 1 Apple | 1 Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
| The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | |||||
| CVE-2008-5657 | 1 Quassel | 1 Quassel Core | 2023-12-10 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message. | |||||