Export limit exceeded: 23217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23217 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4823 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. | ||||
| CVE-2008-4824 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | ||||
| CVE-2008-4933 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | ||||
| CVE-2008-4934 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-09 | N/A |
| The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. | ||||
| CVE-2008-4993 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-09 | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | ||||
| CVE-2008-5015 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | ||||
| CVE-2008-5016 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. | ||||
| CVE-2008-5017 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. | ||||
| CVE-2008-5018 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. | ||||
| CVE-2008-5019 | 4 Canonical, Debian, Mozilla and 1 more | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2025-04-09 | N/A |
| The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. | ||||
| CVE-2008-5021 | 8 Canonical, Debian, Fedoraproject and 5 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-09 | N/A |
| nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | ||||
| CVE-2007-6417 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | ||||
| CVE-2008-5078 | 2 Gnu, Redhat | 2 Escript, Enterprise Linux | 2025-04-09 | N/A |
| Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | ||||
| CVE-2008-5161 | 3 Openbsd, Redhat, Ssh | 6 Openssh, Enterprise Linux, Tectia Client and 3 more | 2025-04-09 | N/A |
| Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||||
| CVE-2008-5286 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2025-04-09 | N/A |
| Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | ||||
| CVE-2008-5303 | 2 Perl, Redhat | 3 File\, Perl, Enterprise Linux | 2025-04-09 | N/A |
| Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. | ||||
| CVE-2008-5339 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | ||||
| CVE-2008-5340 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | ||||
| CVE-2008-5341 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | ||||
| CVE-2008-5342 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | ||||