Export limit exceeded: 362814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 26227 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26227 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4693 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | ||||
| CVE-2009-4496 | 1 Boa | 1 Boa | 2026-04-23 | N/A |
| Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | ||||
| CVE-2009-2691 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. | ||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | ||||
| CVE-2007-3716 | 1 Sun | 2 Jdk, Jre | 2026-04-23 | N/A |
| The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. | ||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | ||||
| CVE-2008-1445 | 1 Microsoft | 3 Windows-nt, Windows 2003 Server, Windows Xp | 2026-04-23 | N/A |
| Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | ||||
| CVE-2008-3896 | 1 Gnu | 1 Grub Legacy | 2026-04-23 | N/A |
| Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
| CVE-2009-0958 | 1 Apple | 2 Iphone Os, Ipod Touch | 2026-04-23 | N/A |
| Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | ||||
| CVE-2009-2470 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | ||||
| CVE-2009-0081 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." | ||||
| CVE-2007-4450 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier. | ||||
| CVE-2006-6956 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | ||||
| CVE-2007-2748 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | ||||
| CVE-2007-4567 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||||
| CVE-2008-1118 | 1 Netopia | 1 Timbuktu Pro | 2026-04-23 | N/A |
| Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | ||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | ||||
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | ||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2026-04-23 | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | ||||
| CVE-2007-5555 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||