Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-22 | CVE-2008-4691 | Denial-Of-Service vulnerability in IBM DB2 8.2/9.1 Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | 5.0 |
| 2008-10-22 | CVE-2008-4688 | Information Exposure vulnerability in Mantis core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. | 5.0 |
| 2008-10-22 | CVE-2008-4685 | Resource Management Errors vulnerability in Wireshark Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | 5.0 |
| 2008-10-22 | CVE-2008-4684 | Resource Management Errors vulnerability in Wireshark packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. | 4.3 |
| 2008-10-22 | CVE-2008-4683 | Resource Management Errors vulnerability in Wireshark The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | 5.0 |
| 2008-10-22 | CVE-2008-4682 | Improper Input Validation vulnerability in Wireshark wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | 5.0 |
| 2008-10-22 | CVE-2008-4681 | Improper Input Validation vulnerability in Wireshark Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | 4.3 |
| 2008-10-22 | CVE-2008-4680 | Resource Management Errors vulnerability in Wireshark packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | 4.3 |
| 2008-10-22 | CVE-2008-4679 | Improper Authentication vulnerability in IBM Websphere Application Server The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. | 6.8 |
| 2008-10-22 | CVE-2008-4677 | Credentials Management vulnerability in VIM Netrw autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. | 4.3 |