Total
13606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2026-04-23 | N/A |
| QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | ||||
| CVE-2007-5462 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems. | ||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | ||||
| CVE-2007-3654 | 1 Netbsd | 1 Netbsd | 2026-04-23 | N/A |
| The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. | ||||
| CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2026-04-23 | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | ||||
| CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2026-04-23 | N/A |
| checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | ||||
| CVE-2007-0012 | 1 Sun | 1 Jre | 2026-04-23 | N/A |
| Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM. | ||||
| CVE-2007-1995 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2026-04-23 | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | ||||
| CVE-2007-4970 | 1 Diamondcs | 1 Processguard | 2026-04-23 | N/A |
| ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey. | ||||
| CVE-2007-1922 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | ||||
| CVE-2007-2408 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | ||||
| CVE-2006-7225 | 2 Perl, Redhat | 2 Pcre, Enterprise Linux | 2026-04-23 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. | ||||
| CVE-2006-6383 | 1 Php | 1 Php | 2026-04-23 | N/A |
| PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | ||||
| CVE-2006-5872 | 1 Dws Systems Inc. | 1 Sql-ledger | 2026-04-23 | N/A |
| login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. | ||||
| CVE-2007-4964 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file. | ||||
| CVE-2007-4968 | 1 Privacyware | 1 Privatefirewall | 2026-04-23 | N/A |
| Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread. | ||||
| CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | ||||
| CVE-2008-1114 | 1 Vocera | 1 Wireless Handset | 2026-04-23 | N/A |
| Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2007-4844 | 1 X-diesel | 1 Unreal Commander | 2026-04-23 | N/A |
| X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | ||||
| CVE-2008-3004 | 1 Microsoft | 2 Office, Office Excel Viewer | 2026-04-23 | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | ||||