Export limit exceeded: 363090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1539 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5416 1 Drupal 1 Drupal 2026-04-23 N/A
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
CVE-2007-5747 2 Redhat, Sun 2 Enterprise Linux, Openoffice.org 2026-04-23 N/A
Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.
CVE-2008-6085 1 F-secure 17 F-secure Anti-virus, F-secure Anti-virus For Citrix Servers, F-secure Anti-virus For Microsoft Exchange and 14 more 2026-04-23 N/A
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
CVE-2007-6067 3 Postgresql, Redhat, Tcl Tk 4 Postgresql, Enterprise Linux, Rhel Application Stack and 1 more 2026-04-23 N/A
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
CVE-2007-6261 1 Apple 1 Mac Os X 2026-04-23 N/A
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
CVE-2007-6276 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
CVE-2007-6359 1 Apple 1 Mac Os X 2026-04-23 N/A
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
CVE-2009-2826 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-2838 1 Apple 1 Mac Os X 2026-04-23 N/A
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
CVE-2008-6661 2 Bitdefender, Linux 2 Bitdefender Antivirus, Linux Kernel 2026-04-23 N/A
Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file.
CVE-2007-1536 2 File, Redhat 2 File, Enterprise Linux 2026-04-23 N/A
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
CVE-2008-6670 1 Vertex4 1 Sunage 2026-04-23 N/A
Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.
CVE-2008-6671 1 Vertex4 1 Sunage 2026-04-23 N/A
Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960.
CVE-2008-6672 1 Vertex4 1 Sunage 2026-04-23 N/A
Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service ("runtime error") via a crafted join packet to UDP port 27960, probably related to an invalid nickname command.
CVE-2008-6680 1 Clamav 1 Clamav 2026-04-23 N/A
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
CVE-2008-0051 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
CVE-2008-0070 1 Orb Networks 1 Orb 2026-04-23 N/A
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.
CVE-2008-0073 2 Redhat, Xine 2 Fedora, Xine-lib 2026-04-23 N/A
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
CVE-2008-6995 1 Google 1 Chrome 2026-04-23 N/A
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.
CVE-2008-0486 2 Mplayer, Xine 2 Mplayer, Xine-lib 2026-04-23 N/A
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.