CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-31271 This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications d... | 7.5 | HIGH | — | 0 |
| CVE-2009-3259 Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the qu... | N/A | NONE | — | 0 |
| CVE-2023-22927 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | — | 0 |
| CVE-2006-0406 search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | N/A | NONE | — | 0 |
| CVE-2025-43204 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. | 7.8 | HIGH | — | 0 |
| CVE-2025-43207 This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43208 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43231 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43262 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-43263 The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. | 7.1 | HIGH | — | 0 |
| CVE-2006-0407 Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2... | N/A | NONE | — | 0 |
| CVE-2009-3260 Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment. | N/A | NONE | — | 0 |
| CVE-2025-43279 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-43283 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. | 3.3 | LOW | — | 0 |
| CVE-2009-3261 update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2009-3262 Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the la... | N/A | NONE | — | 0 |
| CVE-2025-43287 The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory. | 7.1 | HIGH | — | 0 |
| CVE-2025-43331 A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | 4.0 | MEDIUM | — | 0 |
| CVE-2023-22928 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | — | 0 |
| CVE-2008-7244 Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related is... | N/A | NONE | — | 0 |
| CVE-2008-7245 Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to ... | N/A | NONE | — | 0 |
| CVE-2008-7246 Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a rel... | N/A | NONE | — | 0 |
| CVE-2009-2741 Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2025-43297 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service. | 6.2 | MEDIUM | — | 0 |
| CVE-2009-2793 The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors r... | N/A | NONE | — | 0 |
| CVE-2025-43371 This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. | 8.2 | HIGH | — | 0 |
| CVE-2023-22929 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | — | 0 |
| CVE-2009-3263 Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the re... | N/A | NONE | — | 0 |
| CVE-2013-4165 The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remot... | N/A | NONE | — | 0 |
| CVE-2009-3264 The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting atta... | N/A | NONE | — | 0 |
| CVE-2009-3265 Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rs... | N/A | NONE | — | 0 |
| CVE-2009-3266 Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks ... | N/A | NONE | — | 0 |
| CVE-2009-3267 Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN ... | N/A | NONE | — | 0 |
| CVE-2009-3661 Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action an... | N/A | NONE | — | 0 |
| CVE-2009-3268 Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009... | N/A | NONE | — | 0 |
| CVE-2025-43307 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | 4.0 | MEDIUM | — | 0 |
| CVE-2009-3269 Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1... | N/A | NONE | — | 0 |
| CVE-2009-3270 Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack,... | N/A | NONE | — | 0 |
| CVE-2009-2140 Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attacke... | N/A | NONE | — | 0 |
| CVE-2009-3662 FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands. | N/A | NONE | — | 0 |
| CVE-2023-22930 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | — | 0 |
| CVE-2009-2742 Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified in... | N/A | NONE | — | 0 |
| CVE-2009-2743 IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentic... | N/A | NONE | — | 0 |
| CVE-2009-2744 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0... | N/A | NONE | — | 0 |
| CVE-2009-2939 The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink at... | N/A | NONE | — | 0 |
| CVE-2025-43318 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information. | 6.2 | MEDIUM | — | 0 |
| CVE-2009-3200 The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users ... | N/A | NONE | — | 0 |
| CVE-2023-22944 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | — | 0 |
| CVE-2009-3271 Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | N/A | NONE | — | 0 |
| CVE-2025-43325 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.