Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0868 | 3 Fujitsu, Microsoft, Sun | 3 Jasmine2000, Windows, Solaris | 2024-11-21 | N/A |
| CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2009-0849 | 3 Linux, Microsoft, Novastor | 3 Linux Kernel, Windows, Novanet | 2024-11-21 | N/A |
| Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0778 | 4 Linux, Microsoft, Redhat and 1 more | 9 Linux Kernel, Windows, Enterprise Linux and 6 more | 2024-11-21 | N/A |
| The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." | ||||
| CVE-2009-0714 | 5 Hp, Microsoft, Novell and 2 more | 5 Data Protector Express, Windows, Netware and 2 more | 2024-11-21 | N/A |
| Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets. | ||||
| CVE-2009-0522 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2024-11-21 | N/A |
| Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | ||||
| CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-11-21 | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | ||||
| CVE-2009-0437 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-11-21 | N/A |
| The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file. | ||||
| CVE-2009-0321 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-11-21 | N/A |
| Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. | ||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2024-11-21 | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0114 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2024-11-21 | N/A |
| Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." | ||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2024-11-21 | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | ||||
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2024-11-21 | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | ||||
| CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | N/A |
| The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | ||||
| CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2024-11-21 | N/A |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | ||||
| CVE-2008-6194 | 1 Microsoft | 1 Windows | 2024-11-21 | N/A |
| Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898. | ||||
| CVE-2008-5787 | 2 Arabportal, Microsoft | 2 Arab Portal, Windows | 2024-11-21 | N/A |
| Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action. | ||||
| CVE-2008-5518 | 2 Apache, Microsoft | 2 Geronimo, Windows | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet. | ||||
| CVE-2008-5415 | 3 Broadcom, Ca, Microsoft | 3 Arcserve Backup, Arcserve Backup, Windows | 2024-11-21 | N/A |
| The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | ||||
| CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-11-21 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | ||||
| CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2024-11-21 | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | ||||