Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2835 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. | ||||
| CVE-2009-4381 | 1 Texmedia | 1 Million Pixel Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | ||||
| CVE-2006-6295 | 1 Mxbb | 1 Mx Tinies | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2009-2837 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | ||||
| CVE-2009-2838 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow. | ||||
| CVE-2006-6296 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-23 | N/A |
| The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. | ||||
| CVE-2009-2839 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2009-4382 | 1 Phpfaber | 1 Phpfaber Content Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter. | ||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | ||||
| CVE-2006-6298 | 1 Maxiasp | 1 Yonetimi | 2026-04-23 | N/A |
| SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | ||||
| CVE-2009-4383 | 1 Rocomotion | 1 P Forum | 2026-04-23 | N/A |
| Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | ||||
| CVE-2009-2841 | 1 Apple | 2 Mac Os X, Safari | 2026-04-23 | N/A |
| The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. | ||||
| CVE-2009-2842 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | ||||
| CVE-2009-2843 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | ||||
| CVE-2009-2844 | 1 Linux | 2 Kernel, Linux Kernel | 2026-04-23 | N/A |
| cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. | ||||
| CVE-2009-4384 | 1 Scriptsez | 1 Ez Poll Hoster | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php. | ||||
| CVE-2009-2846 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. | ||||
| CVE-2009-4385 | 1 Scriptsez | 1 Ez Poll Hoster | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php. | ||||
| CVE-2009-2847 | 2 Linux, Redhat | 6 Kernel, Linux, Linux Kernel and 3 more | 2026-04-23 | N/A |
| The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. | ||||