Export limit exceeded: 346169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5081 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2026-04-23 | N/A |
| The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. | ||||
| CVE-2008-5180 | 1 Microsoft | 1 Office Communicator | 2026-04-23 | 5.3 Medium |
| Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | ||||
| CVE-2009-2668 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232. | ||||
| CVE-2009-4044 | 2 Bruno Massa, Drupal | 2 Web Services, Drupal | 2026-04-23 | N/A |
| The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | ||||
| CVE-2008-5082 | 1 Redhat | 2 Dogtag Certificate System, Certificate System | 2026-04-23 | N/A |
| The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key. | ||||
| CVE-2008-5181 | 1 Microsoft | 1 Office Communicator | 2026-04-23 | N/A |
| Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | ||||
| CVE-2009-2669 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | ||||
| CVE-2008-5086 | 2 Libvirt, Redhat | 2 Libvirt, Rhel Virtualization | 2026-04-23 | N/A |
| Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. | ||||
| CVE-2008-5182 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2026-04-23 | N/A |
| The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | ||||
| CVE-2009-2672 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2026-04-23 | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2008-5088 | 1 Knowledgebase-script | 1 Phpkb Knowledge Base Software | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. | ||||
| CVE-2008-5089 | 1 Datadynamics | 1 Activereports | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method. | ||||
| CVE-2009-4045 | 1 Frontaccounting | 1 Frontaccounting | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/. | ||||
| CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2026-04-23 | N/A |
| Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | ||||
| CVE-2008-5091 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter." | ||||
| CVE-2008-5092 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header. | ||||
| CVE-2008-5093 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-5183 | 4 Apple, Debian, Opensuse and 1 more | 6 Cups, Mac Os X, Mac Os X Server and 3 more | 2026-04-23 | 7.5 High |
| cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||||
| CVE-2008-5094 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors. | ||||
| CVE-2008-5184 | 1 Apple | 1 Cups | 2026-04-23 | N/A |
| The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | ||||