Export limit exceeded: 10723 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10723 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1288 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.
CVE-2008-3138 3 Redhat, Rpath, Wireshark 3 Enterprise Linux, Rpath Linux, Wireshark 2026-04-23 N/A
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2009-3002 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2026-04-23 N/A
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
CVE-2009-2910 6 Canonical, Fedoraproject, Linux and 3 more 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more 2026-04-23 N/A
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
CVE-2009-1412 2 Google, Microsoft 2 Chrome, Internet Explorer 2026-04-23 N/A
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
CVE-2009-2134 1 Pivot 1 Pivot 2026-04-23 N/A
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
CVE-2009-0274 1 Novell 1 Groupwise 2026-04-23 N/A
Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests.
CVE-2007-6206 6 Canonical, Debian, Linux and 3 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2026-04-23 N/A
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
CVE-2009-2130 1 Elvinbts 1 Elvinbts 2026-04-23 N/A
Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.
CVE-2008-2782 1 Otomigenx 1 Otomigenx 2026-04-23 N/A
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
CVE-2008-2049 1 E-post Corporation 1 Mail Server 2026-04-23 N/A
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.
CVE-2008-1292 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2026-04-23 N/A
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
CVE-2008-1156 1 Cisco 2 Cisco Ios, Ios 2026-04-23 N/A
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
CVE-2009-4530 1 Sergey Lyubka 1 Mongoose 2026-04-23 N/A
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.
CVE-2007-6190 1 Cisco 1 Unified Ip Phone 2026-04-23 N/A
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
CVE-2007-6193 1 Citrix 1 Netscaler 2026-04-23 N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
CVE-2008-1290 3 Gentoo, Redhat, Viewvc 3 Linux, Fedora, Viewvc 2026-04-23 N/A
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
CVE-2009-4298 1 Moodle 1 Moodle 2026-04-23 N/A
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
CVE-2008-0598 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
CVE-2007-6095 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.