Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3298 | 1 Mahara | 1 Mahara | 2009-11-04 | 6.5 MEDIUM | N/A |
| Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | |||||
| CVE-2009-3369 | 1 Craig Barratt | 1 Backuppc | 2009-10-31 | 8.5 HIGH | N/A |
| CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore. | |||||
| CVE-2009-2911 | 1 Systemtap | 1 Systemtap | 2009-10-31 | 1.9 LOW | N/A |
| SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-19 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2009-3472 | 1 Ibm | 1 Db2 | 2009-10-14 | 6.5 MEDIUM | N/A |
| IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | |||||
| CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2009-10-14 | 7.5 HIGH | N/A |
| NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | |||||
| CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2009-10-14 | 7.6 HIGH | N/A |
| Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
| CVE-2009-3589 | 1 Inotify | 1 Incron | 2009-10-08 | 4.6 MEDIUM | N/A |
| incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | |||||
| CVE-2009-3568 | 3 Dave Reid, Drupal, Gabor Hojtsy | 3 Commentrss, Drupal, Commentrss | 2009-10-08 | 5.0 MEDIUM | N/A |
| Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | |||||
| CVE-2009-1078 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 4.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. | |||||
| CVE-2009-1077 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 6.5 MEDIUM | N/A |
| The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. | |||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2009-10-01 | 4.3 MEDIUM | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
| CVE-2008-7229 | 1 Greensql | 1 Greensql Firewall | 2009-09-14 | 7.5 HIGH | N/A |
| GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | |||||
| CVE-2009-2737 | 1 Toni Mueller | 1 Roundup | 2009-08-26 | 5.5 MEDIUM | N/A |
| The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users. | |||||
| CVE-2009-1896 | 2 Fedoraproject, Sun | 2 Fedora, Openjdk | 2009-08-26 | 10.0 HIGH | N/A |
| The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | |||||
| CVE-2009-2056 | 1 Cisco | 1 Ios Xr | 2009-08-21 | 3.3 LOW | N/A |
| Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. | |||||
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2009-08-20 | 4.6 MEDIUM | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
| CVE-2008-7002 | 1 Php | 1 Php | 2009-08-19 | 7.2 HIGH | N/A |
| PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. | |||||
| CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2009-08-15 | 2.1 LOW | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | |||||
| CVE-2009-2669 | 1 Ibm | 1 Aix | 2009-08-12 | 7.2 HIGH | N/A |
| A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||