Total
35523 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2952 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors. | ||||
| CVE-2008-4841 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Xp and 1 more | 2026-04-23 | N/A |
| The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | ||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2026-04-23 | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | ||||
| CVE-2008-4914 | 1 Vmware | 2 Esx, Esxi | 2026-04-23 | N/A |
| Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk. | ||||
| CVE-2008-4925 | 1 Mw6 Technologies | 1 Datamatrix Activex | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | ||||
| CVE-2008-5006 | 1 University Of Washington | 1 Imap Toolkit | 2026-04-23 | N/A |
| smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code. | ||||
| CVE-2008-3838 | 1 Sun | 2 Opensolaris, Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. | ||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | ||||
| CVE-2008-4301 | 1 Microsoft | 1 Internet Information Services | 2026-04-23 | N/A |
| A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous | ||||
| CVE-2008-4306 | 2 Redhat, Ubuntu | 2 Enterprise Linux, Linux | 2026-04-23 | N/A |
| Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence. | ||||
| CVE-2008-4963 | 1 Cisco | 2 Catos, Ios | 2026-04-23 | N/A |
| Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. | ||||
| CVE-2008-4816 | 2 Adobe, Microsoft | 4 Acrobat, Acrobat Reader, Download Manager and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | ||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | ||||
| CVE-2008-7235 | 1 Oracle | 2 Application Server, E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. | ||||
| CVE-2008-7236 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05. | ||||
| CVE-2008-7237 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06. | ||||
| CVE-2008-7239 | 1 Oracle | 1 E-business Suite 11i | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04). | ||||
| CVE-2008-4618 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | ||||
| CVE-2008-4047 | 1 Novell | 1 Novell Forum | 2026-04-23 | N/A |
| Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. | ||||
| CVE-2008-4057 | 1 Objective Development | 1 Sharity | 2026-04-23 | N/A |
| Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem." | ||||