Vulnerabilities (CVE)

Filtered by CWE-20
Total 10282 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3864 1 Trend Micro 3 Internet Security 2007, Internet Security 2008, Officescan 2025-04-09 5.0 MEDIUM N/A
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
CVE-2009-2513 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2025-04-09 7.2 HIGH N/A
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
CVE-2008-3244 1 F-prot 2 F-prot Antivirus, Scanning Engine 2025-04-09 4.3 MEDIUM N/A
The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.
CVE-2008-5547 1 Hauri 1 Virobot 2025-04-09 9.3 HIGH N/A
HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-4340 1 Google 1 Chrome 2025-04-09 4.3 MEDIUM N/A
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
CVE-2009-0606 1 Openhandsetalliance 1 Android Sdk 2025-04-09 7.2 HIGH N/A
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.
CVE-2008-5887 1 Tincan 1 Phplist 2025-04-09 5.0 MEDIUM N/A
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
CVE-2009-2386 1 Awingsoft 1 Awakening Winds3d Viewer Plugin 2025-04-09 9.3 HIGH N/A
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
CVE-2006-6955 1 Opera 1 Opera Browser 2025-04-09 4.3 MEDIUM N/A
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2008-2061 1 Cisco 1 Unified Communications Manager 2025-04-09 7.8 HIGH N/A
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
CVE-2008-0244 1 Sap 1 Maxdb 2025-04-09 10.0 HIGH N/A
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
CVE-2008-5535 2 Microsoft, Norman 2 Internet Explorer, Norman Antivirus \& Antispyware 2025-04-09 9.3 HIGH N/A
Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2008-2476 6 Force10, Freebsd, Juniper and 3 more 6 Ftos, Freebsd, Jnos and 3 more 2025-04-09 9.3 HIGH N/A
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
CVE-2009-3627 1 Derrick Oswald 1 Html-parser 2025-04-09 4.3 MEDIUM N/A
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
CVE-2008-1942 1 Foxit Software 1 Reader 2025-04-09 6.8 MEDIUM N/A
Foxit Reader 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with (1) a malformed ExtGState resource containing a /Font resource, or (2) an XObject resource with a Rotate setting, which triggers memory corruption. NOTE: this is probably a different vulnerability than CVE-2007-2186.
CVE-2007-4915 1 Boa 1 Boa Webserver 2025-04-09 10.0 HIGH N/A
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
CVE-2007-5810 1 Hitachi 14 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Cosminexus Developer Light Version 6 and 11 more 2025-04-09 5.0 MEDIUM N/A
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
CVE-2009-2981 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
CVE-2008-1744 1 Cisco 2 Unified Callmanager, Unified Communications Manager 2025-04-09 7.8 HIGH N/A
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
CVE-2008-5581 1 Mini-pub 1 Mini-pub 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.