Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | ||||
| CVE-2008-2079 | 5 Canonical, Debian, Mysql and 2 more | 6 Ubuntu Linux, Debian Linux, Mysql and 3 more | 2025-04-09 | N/A |
| MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | ||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | ||||
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. | ||||
| CVE-2008-0375 | 1 Oki Printing Solutions | 1 C5510 Mfp Printer | 2025-04-09 | N/A |
| Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | ||||
| CVE-2006-6501 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | ||||
| CVE-2008-0628 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2025-04-09 | N/A |
| The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | ||||
| CVE-2008-0556 | 1 Openca | 1 Openca Pki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer. | ||||
| CVE-2008-0233 | 1 Zero Cms | 1 Zero Cms | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. | ||||
| CVE-2007-6395 | 1 Flat Php | 1 Board | 2025-04-09 | N/A |
| Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | ||||
| CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | ||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2025-04-09 | N/A |
| AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | ||||
| CVE-2007-6056 | 1 Aida-orga | 1 Aida-web | 2025-04-09 | N/A |
| frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. | ||||
| CVE-2007-5907 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2025-04-09 | N/A |
| Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | ||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | N/A |
| Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | ||||
| CVE-2007-5382 | 1 Cisco | 2 Wireless Control System, Wireless Lan Solution Engine | 2025-04-09 | N/A |
| The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. | ||||
| CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | ||||
| CVE-2007-5087 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded. | ||||
| CVE-2007-4909 | 1 Winscp | 1 Winscp | 2025-04-09 | N/A |
| Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015. | ||||
| CVE-2007-3186 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | ||||