Export limit exceeded: 25441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25441 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1194 | 1 Norman | 1 Norman Sandbox Analyzer | 2026-04-23 | N/A |
| Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | ||||
| CVE-2007-1202 | 1 Microsoft | 3 Word, Word Viewer, Works | 2026-04-23 | N/A |
| Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | ||||
| CVE-2007-1237 | 1 Bj Sintay | 1 Sitex | 2026-04-23 | N/A |
| sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | ||||
| CVE-2007-1235 | 1 Bj Sintay | 1 Sitex | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. | ||||
| CVE-2007-1257 | 1 Cisco | 10 Catalyst 6000 Ws-svc-nam-1, Catalyst 6000 Ws-svc-nam-2, Catalyst 6000 Ws-x6380-nam and 7 more | 2026-04-23 | N/A |
| The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | ||||
| CVE-2007-1313 | 1 Netxautomation | 1 Netxeib | 2026-04-23 | N/A |
| NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access. | ||||
| CVE-2007-1922 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | ||||
| CVE-2007-1995 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2026-04-23 | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | ||||
| CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2026-04-23 | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
| CVE-2007-3381 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2026-04-23 | N/A |
| The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/. | ||||
| CVE-2007-3382 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2026-04-23 | N/A |
| Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | ||||
| CVE-2007-3385 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2026-04-23 | N/A |
| Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | ||||
| CVE-2007-3389 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. | ||||
| CVE-2007-3391 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | ||||
| CVE-2007-3400 | 1 Nctsoft | 2 Nctaudioeditor, Nctaudiostudio | 2026-04-23 | N/A |
| The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. | ||||
| CVE-2007-4514 | 1 Hp | 1 Procurve Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors. | ||||
| CVE-2007-4516 | 1 Symantec Veritas | 1 Storage Foundation | 2026-04-23 | N/A |
| The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. | ||||
| CVE-2007-4561 | 1 Realnetworks | 1 Helix Dna Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. | ||||
| CVE-2007-4567 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | ||||