Export limit exceeded: 357323 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357323 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357323 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357323 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0876 | 2 Linux, Sun | 2 Linux Kernel, Xvm Virtualbox | 2026-04-23 | N/A |
| Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | ||||
| CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2026-04-23 | N/A |
| The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | ||||
| CVE-2008-4404 | 1 Ibm | 1 Zseries | 2026-04-23 | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | ||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). | ||||
| CVE-2009-0881 | 1 Josema Enzo | 1 Isiajax | 2026-04-23 | N/A |
| SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0883 | 1 Amunak | 1 Blue Eye Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | ||||
| CVE-2008-6822 | 1 Newearthpt | 1 Imgupload | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6823 | 1 A-link | 2 Wl54ap2, Wl54ap3 | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup. | ||||
| CVE-2009-1907 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | ||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | ||||
| CVE-2009-4487 | 1 F5 | 1 Nginx | 2026-04-23 | N/A |
| nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | ||||
| CVE-2009-4492 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Ruby, Webrick | 2026-04-23 | N/A |
| WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | ||||
| CVE-2009-2518 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability." | ||||
| CVE-2008-4405 | 2 Citrix, Redhat | 2 Xen, Enterprise Linux | 2026-04-23 | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | ||||
| CVE-2008-4554 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | ||||
| CVE-2009-0792 | 3 Argyllcms, Ghostscript, Redhat | 3 Argyllcms, Ghostscript, Enterprise Linux | 2026-04-23 | N/A |
| Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. | ||||
| CVE-2008-4864 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2026-04-23 | N/A |
| Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||||
| CVE-2008-4993 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | ||||
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | ||||
| CVE-2009-4124 | 1 Ruby-lang | 1 Ruby | 2026-04-23 | N/A |
| Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information. | ||||