Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1671 1 Kde 1 Kde 2026-04-23 N/A
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
CVE-2008-1672 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2026-04-23 N/A
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
CVE-2008-1673 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-04-23 N/A
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
CVE-2008-1676 2 Netscape, Redhat 2 Certificate Management System, Certificate System 2026-04-23 N/A
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
CVE-2008-1677 1 Redhat 2 Directory Server, Fedora Directory Server 2026-04-23 N/A
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
CVE-2008-1681 1 Ibm 1 Db2 Content Manager 2026-04-23 N/A
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
CVE-2008-1682 1 Elearningforce 1 Online Flashquiz 2026-04-23 N/A
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.
CVE-2008-1684 1 Sun 1 Solaris 2026-04-23 N/A
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
CVE-2008-1685 1 Gnu 1 Gcc 2026-04-23 N/A
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
CVE-2008-1687 1 Gnu 1 M4 2026-04-23 N/A
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
CVE-2008-1689 1 Seattle Lab Software 1 Slmail Pro 2026-04-23 N/A
Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information.
CVE-2008-1690 1 Seattle Lab Software 1 Slmail Pro 2026-04-23 N/A
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
CVE-2008-1691 1 Seattle Lab Software 1 Slmail Pro 2026-04-23 N/A
Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information.
CVE-2008-1692 1 Eterm 1 Eterm 2026-04-23 N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2008-1693 2 Poppler, Redhat 2 Poppler, Enterprise Linux 2026-04-23 N/A
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
CVE-2008-1694 1 Gnu 2 Emacs, Sccs 2026-04-23 N/A
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2008-1696 1 Dazphp 1 Dazphpnews 2026-04-23 N/A
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
CVE-2008-1698 1 Ventrian 1 Simple Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gallery 2.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1699 1 Desiquintans 1 Writers Block Cms 2026-04-23 N/A
SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter.
CVE-2008-1700 1 Interwoven 1 Worksite Web 2026-04-23 N/A
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service (memory consumption) via a large number of SendNrlLink directives, which opens a separate window for each directive.