Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5891 | 1 Injader | 1 Injader | 2009-01-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0066 | 1 Intel | 1 Trusted Execution Technology | 2009-01-08 | 7.6 HIGH | N/A |
| Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2009-01-06 | 4.6 MEDIUM | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-5842 | 1 Fujitsu-siemens | 1 Webtransactions | 2009-01-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application." | |||||
| CVE-2008-5386 | 1 Ibm | 1 Aix | 2008-12-17 | 6.9 MEDIUM | N/A |
| Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2008-5385 | 1 Ibm | 1 Aix | 2008-12-17 | 6.9 MEDIUM | N/A |
| enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2008-0701 | 1 Magnolia | 1 Ce | 2008-12-17 | 5.0 MEDIUM | N/A |
| ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content. | |||||
| CVE-2008-5618 | 1 Rsyslog | 1 Rsyslog | 2008-12-17 | 5.0 MEDIUM | N/A |
| imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | |||||
| CVE-2008-5370 | 1 Pvpgn | 1 Pvpgn | 2008-12-16 | 6.9 MEDIUM | N/A |
| pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | |||||
| CVE-2008-5421 | 1 Netwin | 1 Smsgate | 2008-12-12 | 5.0 MEDIUM | N/A |
| The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header. | |||||
| CVE-2008-1335 | 1 Netbsd | 2 Netbsd, Netbsd Current | 2008-12-10 | 9.3 HIGH | N/A |
| The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. | |||||
| CVE-2008-5367 | 1 Marco D\'itri | 1 Ppp-udeb | 2008-12-09 | 6.9 MEDIUM | N/A |
| ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | |||||
| CVE-2008-5372 | 1 Jonas Smedegaard | 1 Sdm-terminal | 2008-12-09 | 6.9 MEDIUM | N/A |
| sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. | |||||
| CVE-2008-5376 | 1 Crip | 1 Crip | 2008-12-09 | 6.9 MEDIUM | N/A |
| editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | |||||
| CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2008-12-09 | 6.9 MEDIUM | N/A |
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | |||||
| CVE-2008-5369 | 1 No-ip | 1 No-ip2 | 2008-12-09 | 6.9 MEDIUM | N/A |
| noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. | |||||
| CVE-2008-5331 | 1 Adobe | 1 Acrobat | 2008-12-05 | 7.5 HIGH | N/A |
| Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. | |||||
| CVE-2007-6719 | 1 Inspector It | 1 Wiz-ad | 2008-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5148 | 1 Geda | 1 Gnetlist | 2008-12-03 | 6.9 MEDIUM | N/A |
| sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. | |||||
| CVE-2008-5143 | 1 Mohammed Sameer | 1 Multi-gnome-terminal | 2008-12-03 | 6.9 MEDIUM | N/A |
| mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. | |||||