Total
11419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5117 | 1 Sun | 1 Java System Identity Manager | 2026-06-16 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2008-5105 | 1 Karjasoft | 1 Sami Ftp Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands. | |||||
| CVE-2008-5077 | 1 Openssl | 1 Openssl | 2026-06-16 | 5.8 MEDIUM | N/A |
| OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | |||||
| CVE-2008-5023 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2026-06-16 | 7.5 HIGH | N/A |
| Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. | |||||
| CVE-2008-5014 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2026-06-16 | 10.0 HIGH | N/A |
| jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | |||||
| CVE-2008-5002 | 1 Chilkat Software | 1 Chilkat Crypt Activex Control | 2026-06-16 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4999 | 1 Nortel | 1 Unistim Ip Phone | 2026-06-16 | 7.8 HIGH | N/A |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | |||||
| CVE-2008-4934 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2026-06-16 | 7.8 HIGH | N/A |
| The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. | |||||
| CVE-2008-4932 | 1 Comingchina | 1 U-mail Webmail Server | 2026-06-16 | 9.0 HIGH | N/A |
| webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root. | |||||
| CVE-2008-4930 | 1 Mybb | 1 Mybb | 2026-06-16 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. | |||||
| CVE-2008-4927 | 1 Microsoft | 1 Windows Media Player | 2026-06-16 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2026-06-16 | 8.8 HIGH | N/A |
| Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2026-06-16 | 10.0 HIGH | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
| CVE-2008-4907 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 4.3 MEDIUM | N/A |
| The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | |||||
| CVE-2008-4878 | 1 Mywebcards | 1 Webcards | 2026-06-16 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
| CVE-2008-4824 | 1 Adobe | 1 Flash Player | 2026-06-16 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." | |||||
| CVE-2008-4817 | 1 Adobe | 3 Acrobat, Acrobat Reader, Download Manager | 2026-06-16 | 9.3 HIGH | N/A |
| The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. | |||||
| CVE-2008-4814 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-06-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." | |||||
| CVE-2008-4812 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-06-16 | 9.3 HIGH | N/A |
| Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | |||||
| CVE-2008-4794 | 1 Opera | 1 Opera | 2026-06-16 | 9.3 HIGH | N/A |
| Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. | |||||