Export limit exceeded: 20401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 22045 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25411 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25411 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3002 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. | ||||
| CVE-2007-6513 | 1 Hp | 1 Esupportdiagnostics | 2026-04-23 | N/A |
| HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. | ||||
| CVE-2008-1158 | 1 Cisco | 2 Unified Presence, Unified Presence Server | 2026-04-23 | N/A |
| The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. | ||||
| CVE-2008-1181 | 1 Juniper | 1 Secure Access 2000 | 2026-04-23 | N/A |
| Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. | ||||
| CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | ||||
| CVE-2009-4106 | 1 Ohloh | 1 Agoko Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters. | ||||
| CVE-2009-4175 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2026-04-23 | N/A |
| CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message. | ||||
| CVE-2007-4459 | 1 Cisco | 2 Voip Phone Cp-7940, Voip Phone Cp-7960 | 2026-04-23 | N/A |
| Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. | ||||
| CVE-2007-5333 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2026-04-23 | N/A |
| Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | ||||
| CVE-2009-3448 | 1 Bakbone | 1 Netvault | 2026-04-23 | N/A |
| npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2026-04-23 | N/A |
| Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | ||||
| CVE-2009-3549 | 2 Sun, Wireshark | 2 Sparc, Wireshark | 2026-04-23 | N/A |
| packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | ||||
| CVE-2007-1793 | 1 Symantec | 8 Antivirus, Client Security, Norton 360 and 5 more | 2026-04-23 | N/A |
| SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. | ||||
| CVE-2009-3545 | 1 Datawizard | 1 Ftpxq Server | 2026-04-23 | N/A |
| DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | ||||
| CVE-2007-3850 | 3 Apple, Linux, Redhat | 3 Powerpc, Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | ||||
| CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2026-04-23 | N/A |
| The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | ||||
| CVE-2007-4467 | 1 Oracle | 1 Jinitiator | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected. | ||||
| CVE-2007-6492 | 1 Imesh.com | 1 Imesh | 2026-04-23 | N/A |
| The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | ||||
| CVE-2007-6596 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | ||||
| CVE-2009-1609 | 1 Battleblog | 1 Battle Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | ||||