Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2108 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2024-11-21 | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. | ||||
| CVE-2007-0714 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2024-11-21 | N/A |
| Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | ||||
| CVE-2007-0712 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2024-11-21 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. | ||||
| CVE-2007-0711 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2024-11-21 | N/A |
| Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. | ||||
| CVE-2006-3146 | 2 Microsoft, Toshiba | 2 Windows, Bluetooth Stack | 2024-11-21 | N/A |
| The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23. | ||||
| CVE-2006-3074 | 2 Kaspersky, Microsoft | 4 Kaspersky Anti-virus, Kaspersky Internet Security, Windows and 1 more | 2024-11-21 | N/A |
| klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess. | ||||
| CVE-2006-2312 | 2 Microsoft, Skype | 2 Windows, Skype | 2024-11-21 | N/A |
| Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. | ||||
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2024-11-21 | 7.1 High |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | ||||
| CVE-2005-3483 | 2 Graphon, Microsoft | 2 Go-global, Windows | 2024-11-21 | N/A |
| Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size. | ||||
| CVE-2005-3059 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." | ||||
| CVE-2005-1891 | 2 Aol, Microsoft | 2 Aim, Windows | 2024-11-20 | 7.5 High |
| The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | ||||
| CVE-2004-0717 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-11-20 | N/A |
| Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||||
| CVE-2003-1590 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. | ||||
| CVE-2003-1589 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. | ||||
| CVE-2003-1579 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2024-11-20 | N/A |
| Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | ||||
| CVE-2002-0969 | 2 Microsoft, Oracle | 2 Windows, Mysql | 2024-11-20 | 7.8 High |
| Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | ||||
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-11-20 | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
| CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-11-20 | N/A |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | ||||
| CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 4 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel and 1 more | 2024-11-19 | 8.2 High |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-49536 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-11-19 | 5.5 Medium |
| Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||