Total
35885 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2026-06-16 | 5.0 MEDIUM | N/A |
| The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
| CVE-2008-4117 | 1 Sun | 1 Management Center | 2026-06-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2008-4111 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. | |||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2026-06-16 | 5.0 MEDIUM | N/A |
| A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | |||||
| CVE-2008-4095 | 1 Flip4mac | 1 Flip4mac Wmv | 2026-06-16 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713. | |||||
| CVE-2008-4071 | 2 Adobe, Microsoft | 3 Acrobat, Internet Explorer, Windows Vista | 2026-06-16 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | |||||
| CVE-2008-4064 | 1 Mozilla | 1 Firefox | 2026-06-16 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | |||||
| CVE-2008-4063 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2026-06-16 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | |||||
| CVE-2008-4062 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2026-06-16 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | |||||
| CVE-2008-4057 | 1 Objective Development | 1 Sharity | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem." | |||||
| CVE-2008-4047 | 1 Novell | 1 Novell Forum | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. | |||||
| CVE-2008-4017 | 1 Oracle | 1 Application Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2008-4016 | 1 Oracle | 1 Collaboration Suite | 2026-06-16 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2008-4015 | 1 Oracle | 1 Database 10g | 2026-06-16 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH. | |||||
| CVE-2008-4014 | 1 Oracle | 1 Application Server | 2026-06-16 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-4013 | 1 Oracle | 1 Bea Product Suite | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2008-4012 | 1 Oracle | 1 Weblogic Workshop | 2026-06-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows." | |||||
| CVE-2008-4011 | 1 Oracle | 1 Bea Product Suite | 2026-06-16 | 2.1 LOW | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2008-4010 | 1 Oracle | 1 Bea Product Suite | 2026-06-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags." | |||||
| CVE-2008-4009 | 1 Oracle | 1 Bea Product Suite | 2026-06-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
