Total
22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4294 | 1 Sun | 1 Ray Server Software | 2009-12-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | |||||
CVE-2009-4167 | 2 Lukas Taferner, Typo3 | 2 It Basetag, Typo3 | 2009-12-06 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | |||||
CVE-2009-4190 | 1 Sun | 1 Opensolaris | 2009-12-03 | 7.8 HIGH | N/A |
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-4162 | 2 Mauro Lorenzutti, Typo3 | 2 Wfqbe, Typo3 | 2009-12-02 | 7.2 HIGH | N/A |
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2009-4160 | 2 Kurt Kunig, Typo3 | 2 Kk Downloader, Typo3 | 2009-12-02 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
CVE-2009-4153 | 1 Ibm | 1 Websphere Portal | 2009-12-02 | 7.5 HIGH | N/A |
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory. | |||||
CVE-2009-3841 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2009-11-23 | 9.0 HIGH | N/A |
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
CVE-2009-3855 | 1 Ibm | 1 Tivoli Storage Manager | 2009-11-17 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors. | |||||
CVE-2009-3836 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2009-11-08 | 6.1 MEDIUM | N/A |
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame. | |||||
CVE-2009-3818 | 2 Stanislas Rolland, Typo3 | 2 Sr Freecap, Typo3 | 2009-10-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
CVE-2009-2942 | 2 Mysql, Mysql-ocaml | 2 Mysql, Mysql-ocaml | 2009-10-26 | 7.5 HIGH | N/A |
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
CVE-2009-2943 | 2 Ocaml, Postgresql | 2 Postgresql-ocaml, Postgresql | 2009-10-22 | 7.5 HIGH | N/A |
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
CVE-2009-3706 | 1 Sun | 2 Opensolaris, Solaris | 2009-10-16 | 4.4 MEDIUM | N/A |
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. | |||||
CVE-2000-1241 | 1 Sips | 1 Sips | 2009-10-13 | 10.0 HIGH | N/A |
Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault." | |||||
CVE-2007-5619 | 1 Vmware | 1 Server | 2009-10-13 | 7.2 HIGH | N/A |
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. | |||||
CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2009-10-11 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
CVE-2009-2870 | 1 Cisco | 1 Ios | 2009-09-30 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. | |||||
CVE-2009-2868 | 1 Cisco | 1 Ios | 2009-09-30 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997. | |||||
CVE-2009-2871 | 1 Cisco | 1 Ios | 2009-09-30 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002. | |||||
CVE-2009-2873 | 1 Cisco | 1 Ios | 2009-09-30 | 7.1 HIGH | N/A |
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889. |