Export limit exceeded: 361492 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361492 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-6662 | 2 Avg, Linux | 2 Avg Anti-virus, Linux Kernel | 2026-04-23 | N/A |
| AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption. | ||||
| CVE-2009-0209 | 1 Osisoft | 1 Pi Server | 2026-04-23 | N/A |
| PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. | ||||
| CVE-2009-0562 | 1 Microsoft | 3 Isa Server, Office, Office Web Components | 2026-04-23 | N/A |
| The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." | ||||
| CVE-2008-4215 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2008-6663 | 1 Phpauctions | 1 Phpauctions | 2026-04-23 | N/A |
| SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106. | ||||
| CVE-2008-4217 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. | ||||
| CVE-2008-6666 | 1 Kronos | 1 Kronos Webta | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown. | ||||
| CVE-2008-4218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. | ||||
| CVE-2008-6667 | 1 Marc Melvin | 1 A\+ Php Scripts News Management System | 2026-04-23 | N/A |
| A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. | ||||
| CVE-2009-0214 | 1 Areva | 1 E-terrahabitat | 2026-04-23 | N/A |
| Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022. | ||||
| CVE-2008-4219 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. | ||||
| CVE-2008-6668 | 1 Dirk Bartley | 1 Nweb2fax | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php. | ||||
| CVE-2008-2462 | 1 Caucho | 1 Resin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2008-3329 | 1 Twibright | 1 Links | 2026-04-23 | N/A |
| Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." | ||||
| CVE-2008-2463 | 1 Microsoft | 1 Office Snapshot Viewer Activex | 2026-04-23 | N/A |
| The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2008-4220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. | ||||
| CVE-2008-4221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. | ||||
| CVE-2008-4222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. | ||||
| CVE-2008-4229 | 1 Apple | 2 Iphone Os, Ipod Touch | 2026-04-23 | N/A |
| Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | ||||