Export limit exceeded: 346652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0861 | 1 Ibm | 1 Lotus Quickplace | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. | ||||
| CVE-2008-1375 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2026-04-23 | N/A |
| Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | ||||
| CVE-2008-0864 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2026-04-23 | N/A |
| Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-1376 | 1 Redhat | 2 Enterprise Linux, Nfs Utils | 2026-04-23 | N/A |
| A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-0868 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2008-1377 | 2 Redhat, X | 2 Enterprise Linux, X11 | 2026-04-23 | N/A |
| The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | ||||
| CVE-2008-1565 | 2 Hotscripts, Phpbb | 2 Pjirc, Pjirc Module | 2026-04-23 | N/A |
| Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | ||||
| CVE-2008-1761 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. | ||||
| CVE-2008-0869 | 2 Bea, Bea Systems | 3 Weblogic Server, Weblogic Workshop, Weblogic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows. | ||||
| CVE-2008-1380 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||||
| CVE-2008-1566 | 1 Manageengine | 1 Applications Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1381 | 1 Zoneminder | 1 Zoneminder | 2026-04-23 | N/A |
| ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. | ||||
| CVE-2008-1382 | 2 Libpng, Redhat | 2 Libpng, Enterprise Linux | 2026-04-23 | N/A |
| libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | ||||
| CVE-2008-1567 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2026-04-23 | 5.5 Medium |
| phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | ||||
| CVE-2008-1762 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. | ||||
| CVE-2008-1383 | 1 Gentoo | 1 Linux | 2026-04-23 | N/A |
| The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | ||||
| CVE-2008-1568 | 1 Comix | 1 Comix | 2026-04-23 | N/A |
| comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs. | ||||
| CVE-2008-1385 | 1 S9y | 1 Serendipity | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | ||||
| CVE-2008-1569 | 2 Debian, Policyd-weight | 2 Debian Linux, Policyd-weight | 2026-04-23 | N/A |
| policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. | ||||
| CVE-2008-1763 | 1 Blogator Script | 1 Blogator Script | 2026-04-23 | N/A |
| SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. | ||||