Search Results (23025 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3079 2 Microsoft, Opera 2 Windows, Opera 2025-04-09 N/A
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
CVE-2008-2248 1 Microsoft 2 Exchange Server, Outlook Web Access 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
CVE-2009-1072 8 Canonical, Debian, Linux and 5 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2025-04-09 N/A
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
CVE-2008-0086 1 Microsoft 4 Data Engine, Sql Server, Sql Server Desktop Engine and 1 more 2025-04-09 N/A
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
CVE-2007-0033 1 Microsoft 2 Office, Outlook 2025-04-09 N/A
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
CVE-2008-2249 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-09 N/A
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
CVE-2009-1419 2 Hp, Microsoft 2 Discovery\&dependency Mapping Inventory, Windows 2025-04-09 N/A
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors.
CVE-2009-0321 2 Apple, Microsoft 2 Safari, Windows 2025-04-09 N/A
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
CVE-2008-5532 2 Ikarus, Microsoft 2 Ikarus Antivirus, Internet Explorer 2025-04-09 N/A
Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2007-1973 1 Microsoft 1 Windows Nt 2025-04-09 N/A
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
CVE-2009-2536 1 Microsoft 1 Internet Explorer 2025-04-09 N/A
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2008-1086 1 Microsoft 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more 2025-04-09 N/A
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
CVE-2009-4313 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 N/A
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
CVE-2009-4210 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 N/A
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
CVE-2008-2246 1 Microsoft 2 Windows-nt, Windows Vista 2025-04-09 N/A
Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
CVE-2006-3434 1 Microsoft 1 Office 2025-04-09 N/A
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
CVE-2008-2244 1 Microsoft 1 Office Word 2025-04-09 N/A
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
CVE-2008-2306 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2025-04-09 N/A
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
CVE-2007-3028 1 Microsoft 1 Windows 2000 2025-04-09 N/A
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
CVE-2009-3243 2 Microsoft, Wireshark 2 Windows, Wireshark 2025-04-09 N/A
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.