Total
7916 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4314 | 1 Samba | 1 Samba | 2023-12-10 | 8.5 HIGH | N/A |
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. | |||||
CVE-2008-3898 | 1 Secustar | 1 Drivecrypt Plus Pack | 2023-12-10 | 2.1 LOW | N/A |
Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2009-1718 | 1 Apple | 1 Safari | 2023-12-10 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | |||||
CVE-2009-4236 | 1 Ec-cube | 1 Ec-cube Ver2 | 2023-12-10 | 5.0 MEDIUM | N/A |
The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | |||||
CVE-2009-0434 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 1.9 LOW | N/A |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. | |||||
CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2023-12-10 | 7.8 HIGH | N/A |
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | |||||
CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2023-12-10 | 2.1 LOW | N/A |
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | |||||
CVE-2008-4638 | 1 Symantec | 1 Veritas File System | 2023-12-10 | 4.6 MEDIUM | N/A |
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | |||||
CVE-2008-1578 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.1 LOW | N/A |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2008-4069 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-12-10 | 5.0 MEDIUM | N/A |
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | |||||
CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-3612 | 5 Canonical, Fedoraproject, Linux and 2 more | 7 Ubuntu Linux, Fedora, Linux Kernel and 4 more | 2023-12-10 | 2.1 LOW | N/A |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. | |||||
CVE-2009-0678 | 1 Ravenphpscripts | 1 Ravennuke | 2023-12-10 | 5.0 MEDIUM | N/A |
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. | |||||
CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | |||||
CVE-2008-3902 | 1 Hp | 1 68dtt | 2023-12-10 | 2.1 LOW | N/A |
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104. | |||||
CVE-2008-3894 | 1 Ibm | 1 Lenovo 7cetb5ww | 2023-12-10 | 2.1 LOW | N/A |
IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2009-2130 | 1 Elvinbts | 1 Elvinbts | 2023-12-10 | 5.0 MEDIUM | N/A |
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request. | |||||
CVE-2009-2475 | 1 Sun | 2 Java Se, Openjdk | 2023-12-10 | 7.8 HIGH | N/A |
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. |