Vulnerabilities (CVE)

CWE filter: CWE-20

7652 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-4788 1 Ibm 1 Tivoli Directory Server 2011-04-21 4.0
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search.
CVE-2011-1154 1 Gentoo 1 Logrotate 2011-04-21 6.9
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically...
CVE-2011-1309 1 Ibm 1 Websphere Application Server 2011-04-07 7.5
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
CVE-2011-0160 1 Apple 3 Iphone Os, Safari, Webkit 2011-03-31 5.0
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
CVE-2011-0159 1 Apple 1 Iphone Os 2011-03-31 5.0
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
CVE-2011-0019 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2011-03-31 7.5
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have...
CVE-2011-1320 1 Ibm 1 Websphere Application Server 2011-03-29 6.8
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete...
CVE-2008-7286 1 Ibm 1 Lotus Quickr 2011-03-24 3.5
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.
CVE-2011-0190 1 Apple 3 Mac Os X, Mac Os X Server, Installer 2011-03-23 4.3
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic...
CVE-2010-4759 1 Otrs 1 Otrs 2011-03-22 4.0
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.
CVE-2011-1428 1 Flashtux 1 Weechat 2011-03-22 5.8
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat...
CVE-2010-4766 1 Otrs 1 Otrs 2011-03-22 4.3
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic...
CVE-2010-4767 1 Otrs 1 Otrs 2011-03-22 5.0
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of...
CVE-2008-7278 1 Otrs 1 Otrs 2011-03-22 5.0
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail...
CVE-2008-7280 1 Otrs 1 Otrs 2011-03-22 5.0
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail...
CVE-2009-5056 1 Otrs 1 Otrs 2011-03-22 2.1
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket,...
CVE-2011-0431 1 Openafs 1 Openafs 2011-03-11 5.0
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. ...
CVE-2008-4224 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-08 7.1
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
CVE-2008-2172 1 Hitachi 3 Gr3000, Gr2000, Gr4000 2011-03-08 7.1
Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.
CVE-2008-2171 1 Alaxala 1 Ax Router 2011-03-08 7.1
Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372.