Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6282 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-09 | 7.1 HIGH | N/A |
| The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | |||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2025-04-09 | 2.6 LOW | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
| CVE-2007-5422 | 1 Sun | 1 Sunos | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2008-1662 | 1 Hp | 2 Hp-ux, System Administration Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list." | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2025-04-09 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2009-0641 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 9.3 HIGH | N/A |
| sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | |||||
| CVE-2009-1104 | 1 Sun | 1 Java | 2025-04-09 | 5.8 MEDIUM | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. | |||||
| CVE-2008-1525 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address. | |||||
| CVE-2009-2357 | 1 Yasinkaplan | 1 Tekradius | 2025-04-09 | 10.0 HIGH | N/A |
| The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system. | |||||
| CVE-2007-1692 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-09 | 7.5 HIGH | N/A |
| The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. | |||||
| CVE-2008-5710 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. | |||||
| CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2025-04-09 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2007-6409 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-09 | 4.3 MEDIUM | N/A |
| The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. | |||||
| CVE-2008-1392 | 2 Microsoft, Vmware | 4 Windows, Ace, Player and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors. | |||||
| CVE-2007-4074 | 2 Centre For Speech Technology Research, Suse | 2 Gentoo Linux, Suse Linux | 2025-04-09 | 10.0 HIGH | N/A |
| The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others. | |||||
| CVE-2007-5375 | 1 Sun | 1 Java Virtual Machine | 2025-04-09 | 2.6 LOW | N/A |
| Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. | |||||
| CVE-2009-1648 | 1 Suse | 1 Suse Linux | 2025-04-09 | 7.5 HIGH | N/A |
| The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services. | |||||
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
| The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | |||||
| CVE-2007-6131 | 1 Redhat | 1 Fedora Core | 2025-04-09 | 2.1 LOW | N/A |
| buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. | |||||
| CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2025-04-09 | 7.1 HIGH | N/A |
| The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | |||||