Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2776 | 1 Sellatsite.com | 1 Smart Asp Survey | 2009-08-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2009-08-14 | 2.1 LOW | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | |||||
| CVE-2009-2713 | 1 Sun | 2 Java System Access Manager, Java System Web Server | 2009-08-14 | 4.3 MEDIUM | N/A |
| The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-3120 | 2009-08-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3363. Reason: This candidate is a duplicate of CVE-2008-3363. Notes: All CVE users should reference CVE-2008-3363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-2771 | 1 Freearcadescript | 1 Free Arcade Script | 2009-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/. | |||||
| CVE-2009-0907 | 2009-08-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1899. Reason: This candidate is a duplicate of CVE-2009-1899. Notes: All CVE users should reference CVE-2009-1899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-2086 | 2009-08-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1900. Reason: This candidate is a duplicate of CVE-2009-1900. Notes: All CVE users should reference CVE-2009-1900 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-2621 | 1 Squid-cache | 1 Squid | 2009-08-11 | 5.0 MEDIUM | N/A |
| Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. | |||||
| CVE-2009-2622 | 1 Squid-cache | 1 Squid | 2009-08-11 | 5.0 MEDIUM | N/A |
| Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | |||||
| CVE-2009-2658 | 1 Znc | 1 Znc | 2009-08-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. | |||||
| CVE-2009-2659 | 1 Django Project | 1 Django | 2009-08-11 | 5.0 MEDIUM | N/A |
| The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. | |||||
| CVE-2009-2669 | 1 Ibm | 1 Aix | 2009-08-11 | 7.2 HIGH | N/A |
| A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||
| CVE-2009-0888 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2009-08-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889. | |||||
| CVE-2009-0889 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2009-08-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888. | |||||
| CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2009-08-11 | 10.0 HIGH | N/A |
| The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | |||||
| CVE-2009-1426 | 1 Hp | 9 Proliant Dl120, Proliant Dl160, Proliant Dl165 and 6 more | 2009-08-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-1276 | 2 Gnome, Sun | 3 Gnome, Opensolaris, Solaris | 2009-08-10 | 2.1 LOW | N/A |
| XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. | |||||
| CVE-2009-2727 | 1 Ibm | 1 Aix | 2009-08-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. | |||||
| CVE-2009-1513 | 1 Konstanty Bialkowski | 1 Libmodplug | 2009-08-07 | 6.8 MEDIUM | N/A |
| Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name. | |||||
| CVE-2009-1603 | 1 Opensc-project | 1 Opensc | 2009-08-07 | 4.3 MEDIUM | N/A |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | |||||