CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2008-5457 2009-01-14 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
402 CVE-2008-5456 2009-01-14 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
403 CVE-2008-5455 2009-01-14 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
404 CVE-2008-5454 2009-01-14 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
405 CVE-2008-5452 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
406 CVE-2008-5451 2009-01-14 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.
407 CVE-2008-5450 2009-01-14 2012-10-23
1.2
None Local High Not required Partial None None
Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.
408 CVE-2008-5449 2009-01-14 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5448.
409 CVE-2008-5448 2009-01-14 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
410 CVE-2008-5447 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
411 CVE-2008-5446 2009-01-14 2018-10-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
412 CVE-2008-5445 DoS 2009-01-14 2018-10-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.
413 CVE-2008-5444 2009-01-14 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.
414 CVE-2008-5443 2009-01-14 2016-11-22
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442.
415 CVE-2008-5442 2009-01-14 2016-11-22
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5443.
416 CVE-2008-5441 2009-01-14 2016-11-22
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443.
417 CVE-2008-5440 2009-01-14 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.
418 CVE-2008-5439 2009-01-14 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.
419 CVE-2008-5438 2009-01-14 2021-07-13
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
420 CVE-2008-5437 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.
421 CVE-2008-5436 2009-01-14 2012-10-23
5.5
None Remote Low ??? None Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.
422 CVE-2008-5262 119 Exec Code Overflow 2009-01-13 2009-03-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.
423 CVE-2008-5260 119 Exec Code Overflow 2009-01-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
424 CVE-2008-5082 287 Bypass 2009-01-30 2017-08-08
6.0
None Remote Medium ??? Partial Partial Partial
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
425 CVE-2008-5077 20 Bypass 2009-01-07 2018-10-11
5.8
None Remote Medium Not required None Partial Partial
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
426 CVE-2008-4835 94 Exec Code 2009-01-14 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
427 CVE-2008-4834 119 Exec Code Overflow 2009-01-14 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
428 CVE-2008-4827 119 Exec Code Overflow 2009-01-08 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
429 CVE-2008-4770 20 Exec Code 2009-01-16 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."
430 CVE-2008-4444 20 DoS Exec Code 2009-01-16 2018-10-11
7.1
None Remote Medium Not required None None Complete
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
431 CVE-2008-4388 20 Exec Code 2009-01-20 2009-05-18
9.3
None Remote Medium Not required Complete Complete Complete
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
432 CVE-2008-4307 362 DoS 2009-01-13 2018-10-11
4.0
None Local High Not required None None Complete
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.
433 CVE-2008-4017 2009-01-14 2012-10-23
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.
434 CVE-2008-4016 2009-01-14 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
435 CVE-2008-4015 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.
436 CVE-2008-4014 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
437 CVE-2008-4007 2009-01-14 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
438 CVE-2008-4006 2009-01-14 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
439 CVE-2008-3999 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
440 CVE-2008-3997 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.
441 CVE-2008-3981 2009-01-14 2013-01-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
442 CVE-2008-3979 +Priv Sql 2009-01-14 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
443 CVE-2008-3978 2009-01-14 2012-10-23
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
444 CVE-2008-3974 2009-01-14 2012-10-23
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
445 CVE-2008-3973 2009-01-14 2012-10-23
1.7
None Local Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
446 CVE-2008-3866 287 Bypass 2009-01-21 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
447 CVE-2008-3865 119 Exec Code Overflow 2009-01-21 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
448 CVE-2008-3864 20 DoS 2009-01-21 2018-10-11
5.0
None Remote Low Not required None None Partial
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
449 CVE-2008-3821 79 XSS 2009-01-16 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
450 CVE-2008-3820 2009-01-22 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
Total number of vulnerabilities : 467   Page : 1 2 3 4 5 6 7 8 9 (This Page)10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.