Export limit exceeded: 26247 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26247 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1803 | 1 Maildwarf | 1 Maildwarf | 2026-04-23 | N/A |
| Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | ||||
| CVE-2007-6036 | 1 Live555 | 1 Media Server | 2026-04-23 | N/A |
| The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. | ||||
| CVE-2007-6019 | 2 Adobe, Redhat | 5 Air, Flash, Flash Player and 2 more | 2026-04-23 | N/A |
| Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. | ||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2026-04-23 | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | ||||
| CVE-2007-3656 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | ||||
| CVE-2009-2516 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | 7.1 High |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." | ||||
| CVE-2009-0580 | 2 Apache, Redhat | 8 Tomcat, Certificate System, Enterprise Linux and 5 more | 2026-04-23 | N/A |
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||||
| CVE-2008-6492 | 1 Tizag | 1 Tizag Countdown Creator | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5507 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. | ||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2026-04-23 | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | ||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2026-04-23 | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2008-4559 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205. | ||||
| CVE-2007-6417 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | ||||
| CVE-2007-5029 | 1 Dibbler | 1 Dibbler | 2026-04-23 | N/A |
| Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options. | ||||
| CVE-2008-3680 | 1 Flagship Industries | 1 Ventrilo | 2026-04-23 | N/A |
| The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784. | ||||
| CVE-2007-3755 | 1 Apple | 2 Iphone, Iphone Os | 2026-04-23 | N/A |
| Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | ||||
| CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | ||||
| CVE-2008-0555 | 1 Apache-ssl | 1 Apache-ssl | 2026-04-23 | N/A |
| The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. | ||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2026-04-23 | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | ||||
| CVE-2009-0545 | 1 Zeroshell | 1 Zeroshell | 2026-04-23 | N/A |
| cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. | ||||