Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1932 2 Microsoft, Realtek 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers 2026-04-23 N/A
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request.
CVE-2008-1933 1 Microsoft 1 Zune Software 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
CVE-2008-1934 1 Crazy Goomba 1 Crazy Goomba 2026-04-23 N/A
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3530 1 Freebsd 1 Freebsd 2026-04-23 N/A
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
CVE-2008-1935 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2008-1936 1 Classifieds Caffe 1 Classifieds Caffe 2026-04-23 N/A
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
CVE-2008-1937 1 Moinmoin 1 Moinmoin 2026-04-23 N/A
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
CVE-2008-1938 1 Sony 1 Mylo Com 2 2026-04-23 N/A
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
CVE-2008-1939 1 Aspindir 1 Philboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920.
CVE-2008-1940 1 Grsecurity 1 Grsecurity Kernel Patch 2026-04-23 N/A
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.
CVE-2008-1942 1 Foxit Software 1 Reader 2026-04-23 N/A
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186.
CVE-2008-3531 1 Freebsd 1 Freebsd 2026-04-23 N/A
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
CVE-2008-1944 2 Redhat, Xensource 4 Desktop, Enterprise Linux, Virtualization Server and 1 more 2026-04-23 N/A
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages."
CVE-2008-1946 2 Gnu, Redhat 2 Coreutils, Enterprise Linux 2026-04-23 N/A
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
CVE-2008-1947 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Network Satellite and 2 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
CVE-2008-1948 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-23 N/A
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
CVE-2008-1957 1 Easyscripts 1 Tr Script News 2026-04-23 N/A
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
CVE-2008-1950 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-23 N/A
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.
CVE-2008-1952 2 Redhat, Xensource 2 Enterprise Linux, Xen Para Virtualized Frame Buffer 2026-04-23 N/A
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.
CVE-2008-1953 1 Magnolia 1 Site Designer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.