Total
6504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1440 | 1 Microsoft | 2 Windows, Windows Xp | 2018-10-12 | 7.1 HIGH | N/A |
| Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | |||||
| CVE-2018-10510 | 2 Microsoft, Trendmicro | 2 Windows, Control Manager | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
| CVE-2008-6194 | 1 Microsoft | 1 Windows | 2018-10-11 | 7.8 HIGH | N/A |
| Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898. | |||||
| CVE-2008-5787 | 2 Arabportal, Microsoft | 2 Arab Portal, Windows | 2018-10-11 | 5.4 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action. | |||||
| CVE-2008-5518 | 2 Apache, Microsoft | 2 Geronimo, Windows | 2018-10-11 | 9.4 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet. | |||||
| CVE-2008-5315 | 2 Apple, Microsoft | 2 Iphone Configuration Web Utility, Windows | 2018-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2008-4278 | 2 Microsoft, Vmware | 3 Windows, Virtual Infrastructure Client, Virtualcenter | 2018-10-11 | 2.1 LOW | N/A |
| VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. | |||||
| CVE-2008-4473 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters. | |||||
| CVE-2008-3897 | 2 Freed0m, Microsoft | 2 Disckcryptor, Windows | 2018-10-11 | 2.1 LOW | N/A |
| DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2018-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
| CVE-2008-3365 | 2 Microsoft, Pixelpost | 7 Windows, Windows-nt, Windows 2000 and 4 more | 2018-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. | |||||
| CVE-2008-2747 | 2 Microsoft, No-ip | 2 Windows, Dynamic Update Client | 2018-10-11 | 2.1 LOW | N/A |
| No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values. | |||||
| CVE-2008-2099 | 2 Microsoft, Vmware | 5 Windows, Ace 2, Vmware Player 2 and 2 more | 2018-10-11 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2008-1402 | 2 Mg-soft, Microsoft | 2 Net Inspector, Windows | 2018-10-11 | 7.1 HIGH | N/A |
| MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine). | |||||
| CVE-2008-1392 | 2 Microsoft, Vmware | 4 Windows, Ace, Player and 1 more | 2018-10-11 | 10.0 HIGH | N/A |
| The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. | |||||
| CVE-2008-1302 | 2 Microsoft, Perforce | 2 Windows, Perforce Server | 2018-10-11 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | |||||
| CVE-2018-14735 | 3 Hitachi, Linux, Microsoft | 8 Command Suite, Compute Systems Manager, Device Manager and 5 more | 2018-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. | |||||
| CVE-2010-4294 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2018-10-10 | 9.3 HIGH | N/A |
| The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | |||||
| CVE-2010-3976 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. | |||||