Export limit exceeded: 337916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2544 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. | ||||
| CVE-2008-10004 | 1 Email Registration Project | 1 Email Registration | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | ||||
| CVE-2008-10003 | 1 Flashgames Project | 1 Flashgames | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | ||||
| CVE-2008-10002 | 1 Ajaxlife Project | 1 Ajaxlife | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | ||||
| CVE-2007-6763 | 1 Sas | 1 Sas Drug Development | 2024-11-21 | N/A |
| SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | ||||
| CVE-2007-6762 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. | ||||
| CVE-2007-6758 | 1 Sencha | 1 Ext Js | 2024-11-21 | 7.5 High |
| Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. | ||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 9.8 Critical |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | ||||
| CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | ||||
| CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-11-21 | 7.5 High |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | ||||
| CVE-2007-4774 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.9 Medium |
| The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process. | ||||
| CVE-2007-4773 | 1 Systrace Project | 1 Systrace | 2024-11-21 | 9.8 Critical |
| Systrace before 1.6.0 has insufficient escape policy enforcement. | ||||
| CVE-2007-3915 | 1 Mandriva | 1 Mondo | 2024-11-21 | 9.1 Critical |
| Mondo 2.24 has insecure handling of temporary files. | ||||
| CVE-2007-3732 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | ||||
| CVE-2007-20001 | 1 Starwindsoftware | 1 Iscsi San | 2024-11-21 | 7.5 High |
| A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20. | ||||
| CVE-2007-10003 | 1 Wp-plugins | 1 The Hackers Diet | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. | ||||
| CVE-2007-0899 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 9.8 Critical |
| There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | ||||
| CVE-2007-0158 | 1 Acme | 1 Thttpd | 2024-11-21 | 9.8 Critical |
| thttpd 2007 has buffer underflow. | ||||
| CVE-2006-7254 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | ||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-11-21 | 6.8 Medium |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | ||||