Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2834 5 Apache, Canonical, Debian and 2 more 6 Openoffice, Ubuntu Linux, Debian Linux and 3 more 2026-04-23 N/A
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
CVE-2007-2837 2 Debian, Fireflier 2 Debian Linux, Fireflier 2026-04-23 N/A
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
CVE-2007-2797 3 Debian, Redhat, Xterm 3 Debian Linux, Enterprise Linux, Xterm 2026-04-23 N/A
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
CVE-2009-4536 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2026-04-23 N/A
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
CVE-2008-2108 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2026-04-23 9.8 Critical
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
CVE-2008-5507 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVE-2007-2691 4 Canonical, Debian, Mysql and 1 more 5 Ubuntu Linux, Debian Linux, Mysql and 2 more 2026-04-23 N/A
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
CVE-2008-0411 6 Debian, Ghostscript, Mandrakesoft and 3 more 14 Debian Linux, Ghostscript, Mandrake Linux and 11 more 2026-04-23 N/A
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
CVE-2007-2835 2 Debian, Unicon-imc2 2 Debian Linux, Unicon-imc2 2026-04-23 N/A
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
CVE-2009-3553 5 Apple, Canonical, Debian and 2 more 7 Cups, Mac Os X, Mac Os X Server and 4 more 2026-04-23 7.5 High
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
CVE-2007-2875 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-23 N/A
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
CVE-2007-5827 2 Debian, Iscsitarget 2 Debian Linux, Iscsitarget 2026-04-23 N/A
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
CVE-2007-5730 4 Debian, Qemu, Redhat and 1 more 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2026-04-23 N/A
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVE-2008-6124 2 Debian, Moodle 2 Debian Linux, Moodle 2026-04-23 N/A
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
CVE-2007-5795 2 Debian, Gnu 2 Debian Linux, Emacs 2026-04-23 N/A
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVE-2009-1186 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2026-04-23 N/A
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
CVE-2007-1664 2 Debian, Ekg 2 Debian Linux, Ekg 2026-04-23 N/A
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
CVE-2009-1837 4 Debian, Fedoraproject, Mozilla and 1 more 9 Debian Linux, Fedora, Firefox and 6 more 2026-04-23 7.5 High
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
CVE-2007-1665 2 Debian, Ekg 2 Debian Linux, Ekg 2026-04-23 N/A
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
CVE-2008-6125 2 Debian, Moodle 2 Debian Linux, Moodle 2026-04-23 N/A
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.