Export limit exceeded: 35440 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35440 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2026-04-23 | N/A |
| Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-4916 | 2 Emc, Vmware | 7 Vmware Player, Vmware Ace, Vmware Esx and 4 more | 2026-04-23 | N/A |
| Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. | ||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | ||||
| CVE-2008-4873 | 1 Sepal | 1 Spboard | 2026-04-23 | N/A |
| board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action. | ||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2026-04-23 | N/A |
| The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | ||||
| CVE-2008-3979 | 1 Oracle | 1 Database 10g | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger. | ||||
| CVE-2007-3845 | 2 Microsoft, Mozilla | 4 Windows Xp, Firefox, Seamonkey and 1 more | 2026-04-23 | 8.8 High |
| Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | ||||
| CVE-2008-6470 | 1 Clansphere | 1 Clansphere | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3969 | 2 Bitlbee, Fedoraproject | 2 Bitlbee, Fedora | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | ||||
| CVE-2009-2491 | 1 Sun | 1 Ray Server Software | 2026-04-23 | N/A |
| The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | ||||
| CVE-2008-3982 | 1 Oracle | 3 Database 10g, Database 11i, Database 9i | 2026-04-23 | N/A |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984. | ||||
| CVE-2009-0627 | 1 Cisco | 3 Nexus 5000, Nexus 7000, Nx-os | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. | ||||
| CVE-2008-3104 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. | ||||
| CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-5509 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. | ||||
| CVE-2009-0588 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2026-04-23 | N/A |
| agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field. | ||||
| CVE-2010-0336 | 1 Typo3 | 2 Kiddog Mysqldumper, Typo3 | 2026-04-23 | N/A |
| Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2008-7194 | 1 Fujitsu | 1 Interstage Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. | ||||
| CVE-2008-3934 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | ||||
| CVE-2008-7191 | 1 Pps.jussieu | 1 Polipo | 2026-04-23 | N/A |
| Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL. | ||||