CVE-2008-2291

CVE-2023-52884 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago

CVE-2008-2291 - axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. ...
5 years ago

Hackers Use Fake Job Ads to Steal Cryptocurrency from the Industry - Once the Enigma loader is executed, it begins the process of registering and downloading the second-stage payload. This malware is constantly being developed, so the attacker can use the logging server to improve its performance. The downloader, ...
2 years ago Trendmicro.com CVE-2015-2291

CVE-2016-2291 - Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. ...
3 years ago

CVE-1999-1039 - Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. ...
16 years ago

CVE-2009-2291 - Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified ...
15 years ago

CVE-2011-2291 - Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions. ...
13 years ago

CVE-2012-2291 - EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. ...
12 years ago

CVE-2005-2291 - Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. ...
8 years ago

CVE-2015-2851 - client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. ...
8 years ago

CVE-2006-2291 - Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained ...
7 years ago

CVE-2002-2291 - Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow. ...
7 years ago

CVE-2010-2291 - Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third ...
7 years ago

CVE-2015-2291 - (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) ...
7 years ago

CVE-2014-2291 - Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows ...
7 years ago

CVE-2004-2291 - Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. ...
3 years ago

CVE-2007-2291 - CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. ...
3 years ago

CVE-2022-2291 - A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the ...
2 years ago

CVE-2021-2291 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the ...
2 years ago

CVE-2023-2291 - Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that ...
2 years ago

CVE-2020-2291 - Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. ...
1 year ago

CVE-2018-2291 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-2291 - ...
1 year ago

CVE-2022-49363 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fs_do_zero_range() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215894 I have encountered a bug in ...
3 months ago Tenable.com

CVE-2025-2291 - Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password ...
1 month ago