Total
8078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4821 | 2 Adobe, Mozilla | 4 Flash Player, Camino, Firefox and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. | |||||
CVE-2008-5683 | 1 Opera | 1 Opera Browser | 2025-04-09 | 7.8 HIGH | N/A |
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | |||||
CVE-2009-0842 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-09 | 4.3 MEDIUM | N/A |
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | |||||
CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2025-04-09 | 5.0 MEDIUM | N/A |
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
CVE-2009-0143 | 1 Apple | 1 Itunes | 2025-04-09 | 4.3 MEDIUM | N/A |
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | |||||
CVE-2007-5550 | 1 Cisco | 1 Ios | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-1782 | 1 Advanced Software Engineering | 1 Chartdirector | 2025-04-09 | 5.0 MEDIUM | N/A |
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. | |||||
CVE-2009-0229 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 4.9 MEDIUM | N/A |
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." | |||||
CVE-2008-4216 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files." | |||||
CVE-2009-0320 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 4.0 MEDIUM | N/A |
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | |||||
CVE-2008-5346 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 7.1 HIGH | N/A |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | |||||
CVE-2008-5460 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 2.6 LOW | N/A |
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2008-3900 | 1 Intel | 1 Bios | 2025-04-09 | 2.1 LOW | N/A |
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
CVE-2007-5934 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2025-04-09 | 4.3 MEDIUM | N/A |
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | |||||
CVE-2008-3138 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | |||||
CVE-2008-6722 | 1 Novell | 1 Access Manager | 2025-04-09 | 1.9 LOW | N/A |
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. | |||||
CVE-2007-1194 | 1 Norman | 1 Norman Sandbox Analyzer | 2025-04-09 | 2.1 LOW | N/A |
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | |||||
CVE-2008-3474 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." | |||||
CVE-2008-2517 | 1 Sarab | 1 Sarab | 2025-04-09 | 2.1 LOW | N/A |
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2009-1076 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. |