Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2918 | 1 Thegreenbow | 1 Thegreenbow Vpn Client | 2025-04-09 | 2.1 LOW | N/A |
| The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0. | |||||
| CVE-2009-1777 | 1 Matt Wright | 1 Formmail | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter. | |||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.3 HIGH | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | |||||
| CVE-2009-0089 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 5.8 MEDIUM | N/A |
| Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." | |||||
| CVE-2008-4363 | 1 Deslock | 1 Deslock | 2025-04-09 | 7.2 HIGH | N/A |
| DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | |||||
| CVE-2007-3701 | 2 3com, Tippingpoint | 2 Tippingpoint Ips Tos, Tipping Point | 2025-04-09 | 7.5 HIGH | N/A |
| TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | |||||
| CVE-2009-0156 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. | |||||
| CVE-2008-2032 | 1 Acritum | 1 Femitter Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0570 | 1 Drupal | 1 Openid | 2025-04-09 | 5.0 MEDIUM | N/A |
| The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers. | |||||
| CVE-2008-3493 | 1 Realvnc | 1 Realvnc Windows Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet. | |||||
| CVE-2009-0927 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. | |||||
| CVE-2007-3755 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | |||||
| CVE-2009-0396 | 1 Sony Ericsson | 9 K530i, K610i, K618i and 6 more | 2025-04-09 | 7.8 HIGH | N/A |
| The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. | |||||
| CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1785 | 1 Prozilla | 1 Top 100 | 2025-04-09 | 5.5 MEDIUM | N/A |
| delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. | |||||
| CVE-2009-4101 | 2 Didier Ernotte, Mozilla | 2 Inforss, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||||
| CVE-2009-2420 | 1 Apple | 1 Safari | 2025-04-09 | 5.8 MEDIUM | N/A |
| Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. | |||||
| CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | |||||
| CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
| CVE-2007-4567 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | |||||