Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1301 | 1 Mpg123 | 1 Mpg123 | 2009-04-28 | 10.0 HIGH | N/A |
| Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0664 | 1 Mahara | 1 Mahara | 2009-04-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. | |||||
| CVE-2009-0715 | 1 Hp | 1 Storage Essentials | 2009-04-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. | |||||
| CVE-2008-6722 | 1 Novell | 1 Access Manager | 2009-04-28 | 1.9 LOW | N/A |
| Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | |||||
| CVE-2008-6176 | 2009-04-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-6171. Reason: This candidate is a duplicate of CVE-2008-6171. Notes: All CVE users should reference CVE-2008-6171 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-1155 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | |||||
| CVE-2009-1156 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 5.7 MEDIUM | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. | |||||
| CVE-2009-1157 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 7.8 HIGH | N/A |
| Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. | |||||
| CVE-2009-1158 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 7.8 HIGH | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet. | |||||
| CVE-2009-1159 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 7.8 HIGH | N/A |
| Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. | |||||
| CVE-2009-1160 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2009-04-27 | 4.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | |||||
| CVE-2009-1285 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-27 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | |||||
| CVE-2009-1332 | 1 Sun | 1 Java System Directory Server | 2009-04-27 | 5.0 MEDIUM | N/A |
| The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors. | |||||
| CVE-2009-0716 | 1 Hp | 1 Storageworks Storage Mirroring | 2009-04-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. | |||||
| CVE-2009-0717 | 1 Hp | 1 Storageworks Storage Mirroring | 2009-04-27 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-0718 | 1 Hp | 1 Storageworks Storage Mirroring | 2009-04-27 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-6682 | 1 Apache | 1 Struts | 2009-04-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag. | |||||
| CVE-2009-0307 | 1 Rim | 1 Blackberry Enterprise Server | 2009-04-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. | |||||
| CVE-2009-1443 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2009-04-27 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors. | |||||
| CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2009-04-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | |||||