Export limit exceeded: 351129 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18286 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1127 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability." | ||||
| CVE-2009-1132 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability." | ||||
| CVE-2009-1140 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2009-1141 | 1 Microsoft | 3 Internet Explorer, Windows Server 2003, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | ||||
| CVE-2009-1217 | 1 Microsoft | 2 Gdi\+, Windows Xp | 2026-04-23 | N/A |
| Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow." | ||||
| CVE-2009-1233 | 2 Apple, Microsoft | 2 Safari, Windows | 2026-04-23 | N/A |
| Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | ||||
| CVE-2009-1335 | 1 Microsoft | 3 Internet Explorer, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr. | ||||
| CVE-2009-1394 | 2 Microsoft, Motorola | 2 Windows, Timbuktu Pro | 2026-04-23 | N/A |
| Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. | ||||
| CVE-2009-1511 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value. | ||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2026-04-23 | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | ||||
| CVE-2008-5044 | 1 Microsoft | 2 Windows Server 2003, Windows Vista | 2026-04-23 | N/A |
| Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. | ||||
| CVE-2008-4834 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." | ||||
| CVE-2008-4820 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2026-04-23 | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2008-4835 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | 9.8 Critical |
| SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." | ||||
| CVE-2008-5112 | 1 Microsoft | 2 Windows, Windows 2000 | 2026-04-23 | N/A |
| The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum. | ||||
| CVE-2008-5415 | 3 Broadcom, Ca, Microsoft | 3 Arcserve Backup, Arcserve Backup, Windows | 2026-04-23 | N/A |
| The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. | ||||
| CVE-2008-7211 | 2 Microsoft, Soundblaster | 2 Windows Vista, Ensoniq Pci Es1371 Wdm Driver | 2026-04-23 | N/A |
| CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | ||||
| CVE-2009-0229 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." | ||||
| CVE-2009-1537 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." | ||||
| CVE-2008-4473 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters. | ||||