Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4923 1 Mw6 Technologies 1 Aztec Activex 2026-06-16 9.0 HIGH N/A
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
CVE-2008-4916 2 Emc, Vmware 7 Vmware Player, Vmware Ace, Vmware Esx and 4 more 2026-06-16 4.6 MEDIUM N/A
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.
CVE-2008-4914 1 Vmware 2 Esx, Esxi 2026-06-16 4.7 MEDIUM N/A
Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
CVE-2008-4910 1 Sun 1 Java Web Start 2026-06-16 10.0 HIGH N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2008-4873 1 Sepal 1 Spboard 2026-06-16 10.0 HIGH N/A
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
CVE-2008-4869 2 Ffmpeg, Mplayer 2 Ffmpeg, Mplayer 2026-06-16 10.0 HIGH N/A
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."
CVE-2008-4868 2 Ffmpeg, Mplayer 2 Ffmpeg, Mplayer 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
CVE-2008-4841 1 Microsoft 4 Windows 2000, Windows Server 2003, Windows Xp and 1 more 2026-06-16 9.3 HIGH N/A
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
CVE-2008-4816 2 Adobe, Microsoft 4 Acrobat, Acrobat Reader, Download Manager and 1 more 2026-06-16 4.3 MEDIUM N/A
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
CVE-2008-4809 1 Ibm 1 Lotus Connections 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4793 1 Drupal 1 Drupal 2026-06-16 7.5 HIGH N/A
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2008-4731 1 Michael Christen 1 Yacy 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.
CVE-2008-4722 1 Sun 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more 2026-06-16 9.0 HIGH N/A
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
CVE-2008-4721 1 Php Jabbers 1 Post Comment 2026-06-16 7.5 HIGH N/A
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
CVE-2008-4692 1 Ibm 1 Db2 2026-06-16 10.0 HIGH N/A
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
CVE-2008-4691 1 Ibm 1 Db2 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
CVE-2008-4690 1 Lynx 1 Lynx 2026-06-16 10.0 HIGH N/A
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
CVE-2008-4676 1 Citrix 3 Access Essentials, Presentation Server, Xenapp 2026-06-16 6.8 MEDIUM N/A
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
CVE-2008-4641 1 Sentex 1 Jhead 2026-06-16 10.0 HIGH N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-4640 1 Sentex 1 Jhead 2026-06-16 3.6 LOW N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.