Total
27847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3855 | 1 Ibm | 1 Tivoli Storage Manager | 2009-11-18 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors. | |||||
| CVE-2009-3836 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2009-11-09 | 6.1 MEDIUM | N/A |
| ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame. | |||||
| CVE-2009-3818 | 2 Stanislas Rolland, Typo3 | 2 Sr Freecap, Typo3 | 2009-10-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
| CVE-2009-2942 | 2 Mysql, Mysql-ocaml | 2 Mysql, Mysql-ocaml | 2009-10-27 | 7.5 HIGH | N/A |
| The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2009-2943 | 2 Ocaml, Postgresql | 2 Postgresql-ocaml, Postgresql | 2009-10-23 | 7.5 HIGH | N/A |
| The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | |||||
| CVE-2009-3706 | 1 Sun | 2 Opensolaris, Solaris | 2009-10-16 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. | |||||
| CVE-2007-5619 | 1 Vmware | 1 Server | 2009-10-14 | 7.2 HIGH | N/A |
| Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. | |||||
| CVE-2000-1241 | 1 Sips | 1 Sips | 2009-10-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault." | |||||
| CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2009-10-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3160 | 1 Ibm | 1 Websphere Mq | 2009-10-01 | 8.8 HIGH | N/A |
| IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. | |||||
| CVE-2009-2873 | 1 Cisco | 1 Ios | 2009-10-01 | 7.1 HIGH | N/A |
| Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889. | |||||
| CVE-2009-2871 | 1 Cisco | 1 Ios | 2009-10-01 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002. | |||||
| CVE-2009-2870 | 1 Cisco | 1 Ios | 2009-10-01 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. | |||||
| CVE-2009-2868 | 1 Cisco | 1 Ios | 2009-10-01 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997. | |||||
| CVE-2009-3089 | 1 Ibm | 1 Tivoli Directory Server | 2009-10-01 | 7.8 HIGH | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2009-09-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-3445 | 1 Code-crafters | 1 Ability Mail Server | 2009-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command. | |||||
| CVE-2009-3344 | 2 Microsoft, Sap | 2 Windows Xp, Crystal Reports Server | 2009-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3346 | 1 Sap | 1 Crystal Reports Server | 2009-09-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3339 | 1 Mcafee | 1 Email And Web Security Appliance | 2009-09-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||