ReportizFlow
Filtered by vendor
Subscriptions
Total
5490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | ||||
| CVE-2007-5210 | 1 Arbor Networks | 1 Peakflow Sp | 2026-04-23 | N/A |
| Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2026-04-23 | N/A |
| The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | ||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2026-04-23 | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5907 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | ||||
| CVE-2008-5351 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | ||||
| CVE-2007-5101 | 1 Furquim | 1 Chironfs | 2026-04-23 | N/A |
| ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges. | ||||
| CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | ||||
| CVE-2007-6383 | 1 Chandler Project | 1 Chandler Server | 2026-04-23 | N/A |
| The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | ||||
| CVE-2008-5504 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | ||||
| CVE-2008-5505 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. | ||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2026-04-23 | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | ||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2026-04-23 | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | ||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2026-04-23 | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | ||||
| CVE-2007-5134 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2026-04-23 | N/A |
| Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. | ||||
| CVE-2008-2059 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix Security Appliance | 2026-04-23 | N/A |
| Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. | ||||
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2026-04-23 | N/A |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | ||||
| CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2026-04-23 | N/A |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | ||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2026-04-23 | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1656 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | ||||