Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31943 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5444 1 Oracle 1 Secure Backup 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.
CVE-2006-4097 1 Cisco 1 Secure Access Control Server 2025-04-09 7.8 HIGH N/A
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
CVE-2009-2952 1 Sun 2 Opensolaris, Solaris 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2008-4690 1 Lynx 1 Lynx 2025-04-09 10.0 HIGH N/A
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
CVE-2007-0918 1 Cisco 1 Ios 2025-04-09 7.1 HIGH N/A
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
CVE-2008-4841 1 Microsoft 4 Windows 2000, Windows Server 2003, Windows Xp and 1 more 2025-04-09 9.3 HIGH N/A
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
CVE-2009-1966 1 Oracle 2 Database Server, Enterprise Manager 2025-04-09 5.5 MEDIUM N/A
Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1967.
CVE-2008-1814 1 Oracle 3 Application Server, Collaboration Suite, Database 2025-04-09 9.0 HIGH N/A
Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3 and 10.1.2.2; and Oracle Collaboration Suite 10.1.2; has unknown impact and remote attack vectors, aka DB04.
CVE-2009-2237 2 Drupal, Karim Ratib 2 Drupal, Views Bulk Operations 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).
CVE-2008-2603 1 Oracle 1 Enterprise Manager 2025-04-09 3.5 LOW N/A
Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.
CVE-2009-2714 1 Sun 1 Virtualbox 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
CVE-2009-2713 1 Sun 2 Java System Access Manager, Java System Web Server 2025-04-09 4.3 MEDIUM N/A
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2008-4062 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
CVE-2009-1782 1 F-secure 6 Anti-virus, Client Security, Home Server Security and 3 more 2025-04-09 6.8 MEDIUM N/A
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.
CVE-2007-5607 1 Hp 1 Instant Support 2025-04-09 7.5 HIGH N/A
Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
CVE-2006-5082 1 Sugarcrm 1 Sugar Suite 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.
CVE-2008-1797 1 Secure Computing 1 Webwasher 2025-04-09 7.1 HIGH N/A
Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL.
CVE-2008-2707 2 Intel, Sun 4 Network Interface Controller, Opensolaris, Solaris and 1 more 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
CVE-2007-5126 1 Symantec 1 Veritas Backup Exec 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
CVE-2007-6238 1 Apple 1 Quicktime 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.