CVE Daily
← All years

Uncategorized 2009

Page 14/15.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2009-02-10
High

CVE-2009-0469

Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2008-6073

StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details…

CVSS: 4.9CWE: CWE-310
Read more
Medium

CVE-2008-6072

Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CI…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-0501

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user acco…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-0498

Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to gu…

CVSS: 5.0CWE: CWE-264
Read more
2009-02-09
Low

CVE-2009-0489

The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly includin…

CVSS: 2.1CWE: CWE-16
Read more
Medium

CVE-2008-6098

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2009-0480

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of servi…

CVSS: 4.9CWE: CWE-189
Read more
2009-02-08
Critical

CVE-2009-0214

Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022.

CVSS: 9.0CWE: N/A
Read more
High

CVE-2009-0213

Unspecified vulnerability in the NETIO application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32021.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2009-0212

Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2009-0211

Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2009-0477

Unspecified vulnerability in the process (aka proc) filesystem in Sun OpenSolaris snv_85 through snv_100 allows local users to gain privileges via vectors related to the contract filesystem.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2009-0206

Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVSS: 4.9CWE: N/A
Read more
2009-02-06
High

CVE-2002-2431

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered fun…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-2430

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by th…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2008-6085

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives,…

CVSS: 7.6CWE: CWE-189
Read more
Medium

CVE-2008-6082

Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2008-6079

imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap an…

CVSS: 10.0CWE: N/A
Read more
2009-02-05
Medium

CVE-2008-6065

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated us…

CVSS: 5.1CWE: CWE-264
Read more
Critical

CVE-2009-0062

Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2…

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attacke…

CVSS: 5.0CWE: CWE-264
Read more
2009-02-04
Medium

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2009-0388

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly exe…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attacke…

CVSS: 5.4CWE: CWE-264
Read more
Critical

CVE-2009-0353

Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and app…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2009-0352

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corrupti…

CVSS: 10.0CWE: CWE-399
Read more
Medium

CVE-2008-6057

Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-6055

PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-6054

PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-6053

PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-6052

PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-6051

MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.

CVSS: 5.0CWE: CWE-264
Read more
2009-02-03
Low

CVE-2009-0415

Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD…

CVSS: 3.7CWE: N/A
Read more
Critical

CVE-2009-0414

Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.

CVSS: 10.0CWE: CWE-399
Read more
Medium

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive inf…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2009-0399

Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properl…

CVSS: 7.5CWE: CWE-16
Read more
Medium

CVE-2009-0276

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2008-4914

Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot…

CVSS: 4.7CWE: N/A
Read more
2009-02-02
Critical

CVE-2009-0389

Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString met…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2008-6024

Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of…

CVSS: 5.4CWE: CWE-399
Read more
Critical

CVE-2008-6021

Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd pa…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2009-0385

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2009-0383

delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2009-0382

Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restr…

CVSS: 4.3CWE: CWE-264
Read more
2009-01-30
Medium

CVE-2009-0374

Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickja…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2009-0370

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2009-0369

Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Cl…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2008-6008

hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct reque…

CVSS: 5.0CWE: CWE-264
Read more
2009-01-29
Medium

CVE-2009-0346

The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (…

CVSS: 4.9CWE: CWE-310
Read more
Critical

CVE-2009-0345

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM l…

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2009-0344

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM l…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2009-0343

Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a po…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2009-0342

Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2009-0336

Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a di…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2009-0328

ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the…

CVSS: 5.0CWE: CWE-264
Read more
2009-01-28
Medium

CVE-2009-0322

drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies ze…

CVSS: 4.9CWE: CWE-189
Read more
Medium

CVE-2009-0319

Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or poss…

CVSS: 6.9CWE: N/A
Read more
High

CVE-2008-6001

index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2008-6000

The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial…

CVSS: 7.2CWE: CWE-399
Read more
Medium

CVE-2009-0318

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2009-0317

Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working d…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2009-0316

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2009-0315

Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerabil…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2008-5987

Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in t…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2008-5986

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows loc…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2008-5985

Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2008-5984

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working…

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2009-0042

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008…

CVSS: 10.0CWE: N/A
Read more
2009-01-27
High

CVE-2009-0304

The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficien…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2009-0301

Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1)…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2009-0282

Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a deni…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2009-0277

Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vec…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2008-5981

PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5980

Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.

CVSS: 5.0CWE: CWE-264
Read more
2009-01-23
Medium

CVE-2008-5956

Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct reque…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5951

ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/tem…

CVSS: 5.0CWE: CWE-264
Read more
2009-01-22
Critical

CVE-2009-0259

The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2009-0253

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2008-3820

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root ac…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2009-0250

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2009-0249

Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request…

CVSS: 5.0CWE: CWE-264
Read more
2009-01-21
High

CVE-2009-0243

Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2…

CVSS: 7.2CWE: CWE-16
Read more
Critical

CVE-2009-0006

Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie f…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-0005

Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2008-5935

Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for da…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5932

CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a dir…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5931

The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwo…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5929

VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2008-5925

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.md…

CVSS: 5.0CWE: CWE-264
Read more
Low

CVE-2009-0240

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2009-0031

Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via…

CVSS: 4.9CWE: CWE-399
Read more
Medium

CVE-2008-5916

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to exec…

CVSS: 4.6CWE: CWE-264
Read more
Critical

CVE-2009-0219

The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.…

CVSS: 9.3CWE: CWE-399
Read more
2009-01-20
High

CVE-2009-0180

Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2009-0179

libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2009-0178

Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2008-5915

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote att…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2008-5914

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote atta…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2008-5913

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2008-5912

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these file…

CVSS: 2.1CWE: CWE-255
Read more
Low

CVE-2008-2367

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2007-6720

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain play…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-0177

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware AC…

CVSS: 5.0CWE: CWE-399
Read more
2009-01-16
Critical

CVE-2009-0171

The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System…

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2009-0170

Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by vi…

CVSS: 6.0CWE: CWE-255
Read more
Critical

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as am…

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2009-0168

Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2009-0167

Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2009-0054

PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2…

CVSS: 4.3CWE: CWE-255
Read more
Medium

CVE-2009-0053

PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2…

CVSS: 4.3CWE: CWE-310
Read more
High

CVE-2008-5910

Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown impact and local attack vectors, related to a "Temporary file vulnerability," aka Bug ID 6653462.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2008-5909

Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown impact and local attack vectors, related to improper handling of temporary files, aka Bug ID 6655641.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2008-5908

Unspecified vulnerability in the root/boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors, related to a "Temporary file vulnerability," aka Bug ID 6653455.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2009-0136

Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application cr…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-0134

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1…

CVSS: 9.3CWE: N/A
Read more
2009-01-15
Medium

CVE-2009-0132

Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer valu…

CVSS: 4.9CWE: CWE-189
Read more
Medium

CVE-2009-0131

The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite…

CVSS: 4.9CWE: N/A
Read more
>