Total
5246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5417 | 1 Hp | 2 Decnet Plus For Openvms, Openvms | 2025-04-09 | 2.1 LOW | N/A |
| HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services. | |||||
| CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | |||||
| CVE-2009-2793 | 1 Netbsd | 1 Netbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
| The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. | |||||
| CVE-2009-1594 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | 7.5 HIGH | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL. | |||||
| CVE-2008-1595 | 1 Ibm | 1 Aix | 2025-04-09 | 4.9 MEDIUM | N/A |
| The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information. | |||||
| CVE-2009-2690 | 1 Sun | 2 Java Se, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | |||||
| CVE-2008-2139 | 1 Rpath | 1 Appliance Platform Agent | 2025-04-09 | 6.5 MEDIUM | N/A |
| The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account. | |||||
| CVE-2009-4606 | 1 South River Technologies | 1 Webdrive | 2025-04-09 | 7.2 HIGH | N/A |
| South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | |||||
| CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.4 HIGH | N/A |
| Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2008-4507 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. | |||||
| CVE-2009-2705 | 2 Broadcom, Sun | 2 Siteminder, J2ee | 2025-04-09 | 4.3 MEDIUM | N/A |
| CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. | |||||
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2025-04-09 | 1.9 LOW | N/A |
| Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | |||||
| CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
| xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | |||||
| CVE-2008-5283 | 1 Ghh | 1 Google Hack Honeypot File Upload Manager | 2025-04-09 | 6.4 MEDIUM | N/A |
| Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action. | |||||
| CVE-2009-2022 | 1 Fipsasp | 1 Fipscms Light | 2025-04-09 | 5.0 MEDIUM | N/A |
| fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb. | |||||
| CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-5171 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | |||||
| CVE-2009-0357 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | |||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2025-04-09 | 5.0 MEDIUM | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | |||||
| CVE-2009-2461 | 1 Forkosh | 1 Mathtex | 2025-04-09 | 7.2 HIGH | N/A |
| mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors. | |||||