Total
10281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6207 | 1 Xensource Inc | 1 Xen | 2025-04-09 | 2.1 LOW | N/A |
| Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | |||||
| CVE-2008-4404 | 1 Ibm | 1 Zseries | 2025-04-09 | 10.0 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
| CVE-2009-2993 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4106 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.1 MEDIUM | N/A |
| WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. | |||||
| CVE-2007-1155 | 1 Webspell | 1 Webspell | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. | |||||
| CVE-2008-1265 | 1 Linksys | 1 Wrt54g | 2025-04-09 | 7.8 HIGH | N/A |
| The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | |||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 7.8 HIGH | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||||
| CVE-2009-4086 | 1 Javascript | 1 Xerver Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0312 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request). | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2025-04-09 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2008-6943 | 1 Scriptsfeed | 1 Recipes Listing Portal | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | |||||
| CVE-2006-5872 | 1 Dws Systems Inc. | 1 Sql-ledger | 2025-04-09 | 7.5 HIGH | N/A |
| login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. | |||||
| CVE-2008-4509 | 1 Foss Gallery | 1 Foss Gallery | 2025-04-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | |||||
| CVE-2009-0859 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
| The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. | |||||
| CVE-2007-4927 | 1 Axis | 1 207w Network Camera | 2025-04-09 | 3.5 LOW | N/A |
| axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. | |||||
| CVE-2006-2220 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 5.0 MEDIUM | N/A |
| phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. | |||||
| CVE-2008-0071 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | |||||
| CVE-2006-5084 | 1 Skype Technologies | 1 Skype | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. | |||||
| CVE-2008-5077 | 1 Openssl | 1 Openssl | 2025-04-09 | 5.8 MEDIUM | N/A |
| OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | |||||
| CVE-2009-0057 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." | |||||