Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5850 | 2009-01-14 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was originally recorded for a "SPLAT Remote Root Exploit" that was claimed to exist for Check Point SmartCenter. The claim has no actionable details and was disclosed by a person of unknown reliability who did not coordinate with the vendor. No people of known reliability have confirmed the original claim. The vendor has not indicated that they are aware of any vulnerability. Since the claim has no actionable details or independent verification, it is outside the scope of CVE according to current inclusion criteria. | |||||
| CVE-2008-5435 | 1 Punbb | 1 Punbb | 2009-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | |||||
| CVE-2009-0121 | 1 Goople Cms | 1 Goople Cms | 2009-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5891 | 1 Injader | 1 Injader | 2009-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0066 | 1 Intel | 1 Trusted Execution Technology | 2009-01-07 | 7.6 HIGH | N/A |
| Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2005-2946 | 1 Openssl | 1 Openssl | 2009-01-06 | 5.0 MEDIUM | N/A |
| The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | |||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2009-01-05 | 4.6 MEDIUM | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-5842 | 1 Fujitsu-siemens | 1 Webtransactions | 2009-01-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application." | |||||
| CVE-2008-4270 | 2008-12-30 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5416. Reason: This candidate is a duplicate of CVE-2008-5416. Notes: All CVE users should reference CVE-2008-5416 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-5385 | 1 Ibm | 1 Aix | 2008-12-16 | 6.9 MEDIUM | N/A |
| enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-5386 | 1 Ibm | 1 Aix | 2008-12-16 | 6.9 MEDIUM | N/A |
| Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2008-12-16 | 5.0 MEDIUM | N/A |
| ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||||
| CVE-2008-5618 | 1 Rsyslog | 1 Rsyslog | 2008-12-16 | 5.0 MEDIUM | N/A |
| imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | |||||
| CVE-2008-5370 | 1 Pvpgn | 1 Pvpgn | 2008-12-15 | 6.9 MEDIUM | N/A |
| pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | |||||
| CVE-2008-5421 | 1 Netwin | 1 Smsgate | 2008-12-11 | 5.0 MEDIUM | N/A |
| The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. | |||||
| CVE-2008-1335 | 1 Netbsd | 2 Netbsd, Netbsd Current | 2008-12-09 | 9.3 HIGH | N/A |
| The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. | |||||
| CVE-2008-5367 | 1 Marco D\'itri | 1 Ppp-udeb | 2008-12-08 | 6.9 MEDIUM | N/A |
| ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | |||||
| CVE-2008-5369 | 1 No-ip | 1 No-ip2 | 2008-12-08 | 6.9 MEDIUM | N/A |
| noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. | |||||
| CVE-2008-5372 | 1 Jonas Smedegaard | 1 Sdm-terminal | 2008-12-08 | 6.9 MEDIUM | N/A |
| sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. | |||||
| CVE-2008-5376 | 1 Crip | 1 Crip | 2008-12-08 | 6.9 MEDIUM | N/A |
| editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | |||||