Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2009-06-09 CVE-2009-0949 Use of Uninitialized Resource vulnerability in multiple products
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
network
low complexity
apple canonical debian opensuse suse CWE-908
7.5
2009-06-08 CVE-2008-6828 Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
local
low complexity
symantec CWE-312
7.8
2009-06-08 CVE-2008-6827 Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
local
low complexity
symantec CWE-306
7.8
2009-06-08 CVE-2009-1955 XML Entity Expansion vulnerability in multiple products
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
7.5
2009-05-13 CVE-2009-0152 Cleartext Storage of Sensitive Information vulnerability in Apple mac OS X and mac OS X Server
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
apple CWE-312
7.5
2009-05-11 CVE-2009-1603 Cleartext Storage of Sensitive Information vulnerability in multiple products
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
network
low complexity
opensc-project fedoraproject CWE-312
7.5
2009-03-30 CVE-2009-0115 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
7.8
2009-03-19 CVE-2009-0964 Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner 4.2
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges.
network
low complexity
xlinesoft CWE-312
7.5
2009-03-02 CVE-2009-0749 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
local
low complexity
optipng-project suse opensuse CWE-416
7.8
2009-02-20 CVE-2009-0658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
local
low complexity
adobe CWE-119
7.8