Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7173 | 1 Juracapecoffee | 2 Internet Connectivity Kit, Jura Impressa | 2025-04-09 | 10.0 HIGH | N/A |
| The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage. | |||||
| CVE-2009-4438 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | |||||
| CVE-2008-3105 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 8.3 HIGH | N/A |
| Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. | |||||
| CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2025-04-09 | 2.1 LOW | N/A |
| Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. | |||||
| CVE-2007-4694 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||||
| CVE-2008-1625 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2025-04-09 | 6.8 MEDIUM | N/A |
| aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. | |||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2025-04-09 | 4.7 MEDIUM | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | |||||
| CVE-2007-2138 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2025-04-09 | 6.0 MEDIUM | N/A |
| Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | |||||
| CVE-2009-4331 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
| The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
| CVE-2007-6246 | 2 Adobe, Linux | 2 Flash Player, Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
| Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||||
| CVE-2008-1834 | 1 Swfdec | 1 Swfdec | 2025-04-09 | 4.3 MEDIUM | N/A |
| swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file. | |||||
| CVE-2008-0375 | 1 Oki Printing Solutions | 1 C5510 Mfp Printer | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2008-0580 | 1 Geert Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | 2.1 LOW | N/A |
| Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering. | |||||
| CVE-2008-2314 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
| Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | |||||
| CVE-2007-3782 | 1 Mysql | 1 Community Server | 2025-04-09 | 3.5 LOW | N/A |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | |||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2025-04-09 | 5.0 MEDIUM | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
| CVE-2008-2232 | 1 Afuse | 1 Afuse | 2025-04-09 | 4.6 MEDIUM | N/A |
| The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname. | |||||
| CVE-2008-7111 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 9.3 HIGH | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109. | |||||
| CVE-2007-4746 | 1 Cisco | 3 Video Surveillance Ip Gateway Encoder Decoder, Video Surveillance Sp Isp, Video Surveillance Sp Isp Decoder Software | 2025-04-09 | 9.0 HIGH | N/A |
| The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681. | |||||