Total
27484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5445 | 1 Oracle | 1 Secure Backup | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference. | |||||
| CVE-2008-5440 | 1 Oracle | 1 Timesten In-memory Database | 2018-10-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module. | |||||
| CVE-2008-5349 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. | |||||
| CVE-2008-5182 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 6.9 MEDIUM | N/A |
| The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | |||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2018-10-11 | 10.0 HIGH | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
| CVE-2008-4306 | 1 Ubuntu | 1 Linux | 2018-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence. | |||||
| CVE-2008-4000 | 2 Jdedwards, Oracle | 4 Enterpriseone, Jd Edwards Enterpriseone, Peoplesoft Enterprise and 1 more | 2018-10-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct. | |||||
| CVE-2008-3979 | 1 Oracle | 1 Database 10g | 2018-10-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger. | |||||
| CVE-2008-3934 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 3.3 LOW | N/A |
| Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||||
| CVE-2008-3882 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | |||||
| CVE-2008-3852 | 1 Ibm | 1 Db2 Universal Database | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-3552 | 1 Nokia | 1 Series 40 | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3551 | 1 Sun | 2 Java Platform Micro Edition, Wireless Toolkit | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3373 | 1 Grisoft | 1 Avg Antivirus | 2018-10-11 | 5.0 MEDIUM | N/A |
| The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2018-10-11 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | |||||
| CVE-2008-3174 | 1 Computer Associates | 3 Host Based Intrusion Prevention System, Internet Security Suite, Personal Firewall | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." | |||||
| CVE-2008-3141 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | |||||
| CVE-2008-3140 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." | |||||
| CVE-2008-3139 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. | |||||
| CVE-2008-3138 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | |||||