Total
246432 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1298 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.8 HIGH | N/A |
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function. | |||||
CVE-2008-2169 | 2 Avici, Hitachi | 4 Router, Gr2000, Gr3000 and 1 more | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
CVE-2008-7198 | 1 Alecwh | 1 Phpns | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors. | |||||
CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | |||||
CVE-2009-0501 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. | |||||
CVE-2008-5796 | 1 Typo3 | 2 Eluna Page Comments Extension, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-1428 | 1 Symantec | 4 Antivirus, Endpoint Protection, Norton 360 and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors." | |||||
CVE-2009-0416 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2023-12-10 | 6.9 MEDIUM | N/A |
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files. | |||||
CVE-2008-3565 | 1 Mrbs | 1 Mrbs | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3409 | 1 Epic Games | 1 Unreal Tournament 3 | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c. | |||||
CVE-2008-6628 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-6268. Reason: This candidate is a duplicate of CVE-2008-6268. Notes: All CVE users should reference CVE-2008-6268 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2008-2567 | 1 Fenrir | 1 Grani | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism and favorites search, a different vulnerability than CVE-2007-6002. | |||||
CVE-2008-2391 | 1 Codeplex | 1 Subsonic | 2023-12-10 | 7.8 HIGH | N/A |
SubSonic allows remote attackers to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1. | |||||
CVE-2009-1555 | 1 Cisco | 1 Wvc54gca | 2023-12-10 | 5.0 MEDIUM | N/A |
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390. | |||||
CVE-2008-1671 | 1 Kde | 1 Kde | 2023-12-10 | 4.6 MEDIUM | N/A |
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | |||||
CVE-2008-3869 | 1 Sun | 1 Solaris | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | |||||
CVE-2008-2715 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. | |||||
CVE-2009-2430 | 1 Sun | 2 Opensolaris, Solaris | 2023-12-10 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors. | |||||
CVE-2008-2662 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2023-12-10 | 10.0 HIGH | N/A |
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. | |||||
CVE-2008-4073 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. |