Total
5247 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1227 | 1 Mcafee | 1 Virex | 2025-04-09 | 6.6 MEDIUM | N/A |
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | |||||
CVE-2007-6434 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | |||||
CVE-2009-1597 | 2 Adobe, Mozilla | 2 Acrobat Reader, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
CVE-2009-0436 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.2 HIGH | N/A |
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | |||||
CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2025-04-09 | 5.0 MEDIUM | N/A |
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | |||||
CVE-2007-6619 | 1 Atlassian | 1 Jira | 2025-04-09 | 7.5 HIGH | N/A |
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. | |||||
CVE-2009-1716 | 1 Apple | 1 Safari | 2025-04-09 | 2.1 LOW | N/A |
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2008-0372 | 1 8e6 | 1 R3000 Internet Filter | 2025-04-09 | 5.0 MEDIUM | N/A |
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. | |||||
CVE-2008-3872 | 1 Adobe | 1 Flash Player | 2025-04-09 | 9.3 HIGH | N/A |
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. | |||||
CVE-2009-0024 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions. | |||||
CVE-2008-1361 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362. | |||||
CVE-2008-2019 | 1 Simple Machines | 1 Smf | 2025-04-09 | 7.5 HIGH | N/A |
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. | |||||
CVE-2009-0760 | 1 Team5 | 1 Team Board | 2025-04-09 | 5.0 MEDIUM | N/A |
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb. | |||||
CVE-2007-6416 | 1 Xen | 1 Xen | 2025-04-09 | 4.6 MEDIUM | N/A |
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. | |||||
CVE-2008-1628 | 1 Linux | 1 Audit | 2025-04-09 | 4.1 MEDIUM | N/A |
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
CVE-2008-7157 | 1 Ekinboard | 1 Ekinboard | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | |||||
CVE-2009-3286 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | |||||
CVE-2008-3064 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." | |||||
CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.5 HIGH | N/A |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. |