Export limit exceeded: 26315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3001 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2026-04-23 N/A
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
CVE-2008-2704 1 Novell 1 Groupwise Messenger 2026-04-23 N/A
Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remote attackers to cause a denial of service (crash) via a long user ID, possibly involving a popup alert. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2009-0358 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
CVE-2009-0478 1 Squid 1 Squid 2026-04-23 N/A
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
CVE-2009-2918 1 Thegreenbow 1 Thegreenbow Vpn Client 2026-04-23 N/A
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
CVE-2009-0508 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
CVE-2009-0518 1 Vmware 3 Vmware Esx, Vmware Esxi, Vmware Virtualcenter 2026-04-23 N/A
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
CVE-2008-6175 1 K2sxs 1 Silvershield 2026-04-23 N/A
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.
CVE-2009-0580 2 Apache, Redhat 8 Tomcat, Certificate System, Enterprise Linux and 5 more 2026-04-23 N/A
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
CVE-2009-2852 2 Ryan.mcgeary, Wordpress 2 Wp-syntax, Wordpress 2026-04-23 N/A
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
CVE-2007-6206 6 Canonical, Debian, Linux and 3 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2026-04-23 N/A
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
CVE-2009-2835 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
CVE-2009-2797 2 Apple, Canonical 2 Iphone Os, Ubuntu Linux 2026-04-23 N/A
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
CVE-2007-5576 2 Bea, Oracle 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more 2026-04-23 N/A
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
CVE-2009-2796 1 Apple 1 Iphone Os 2026-04-23 N/A
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
CVE-2009-0871 1 Digium 1 Asterisk 2026-04-23 N/A
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
CVE-2009-2715 1 Sun 1 Virtualbox 2026-04-23 N/A
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
CVE-2009-0879 2 Ibm, Microsoft 2 Director, Windows 2026-04-23 N/A
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
CVE-2009-2711 2 Sun, X.org 3 Opensolaris, Solaris, X11 2026-04-23 N/A
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.
CVE-2008-2747 2 Microsoft, No-ip 2 Windows, Dynamic Update Client 2026-04-23 N/A
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.