Total
29926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4865 | 2 Redhat, Valgrind | 2 Enterprise Linux, Valgrind | 2026-04-23 | N/A |
| Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. | ||||
| CVE-2007-0731 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL. | ||||
| CVE-2009-2321 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string. | ||||
| CVE-2007-0735 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | ||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | ||||
| CVE-2009-3020 | 1 Microsoft | 1 Windows Server 2003 | 2026-04-23 | N/A |
| win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1355 | 2 Apache, Redhat | 2 Tomcat, Network Satellite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | ||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | ||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2026-04-23 | N/A |
| BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2007-2153 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | ||||
| CVE-2007-2797 | 3 Debian, Redhat, Xterm | 3 Debian Linux, Enterprise Linux, Xterm | 2026-04-23 | N/A |
| xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. | ||||
| CVE-2009-3076 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. | ||||
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2026-04-23 | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | ||||
| CVE-2007-0821 | 1 Cedric | 1 Claire Portailphp | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0303 | 1 Canon | 12 I-sensys, Imagepress, Imagerunner and 9 more | 2026-04-23 | N/A |
| The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. | ||||
| CVE-2008-0306 | 1 Sap | 1 Maxdb | 2026-04-23 | N/A |
| sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. | ||||
| CVE-2007-0833 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | ||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2026-04-23 | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | ||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2026-04-23 | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | ||||