Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3527 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
| arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. | ||||
| CVE-2008-3525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-07 | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | ||||
| CVE-2008-3508 | 1 Wogan May | 1 Litenews | 2024-08-07 | N/A |
| LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie. | ||||
| CVE-2008-3528 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-08-07 | N/A |
| The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | ||||
| CVE-2008-3464 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-08-07 | N/A |
| afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." | ||||
| CVE-2008-3485 | 1 Citrix | 2 Metaframe Presentation Server, Xp | 2024-08-07 | N/A |
| Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. | ||||
| CVE-2008-3494 | 1 8e6 | 1 R3000 Internet Filter | 2024-08-07 | N/A |
| 8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header. | ||||
| CVE-2008-3473 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-08-07 | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." | ||||
| CVE-2008-3450 | 1 Sun | 1 Sunos | 2024-08-07 | N/A |
| Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | ||||
| CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2024-08-07 | N/A |
| JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. | ||||
| CVE-2008-3488 | 1 Novell | 1 Imanager | 2024-08-07 | N/A |
| Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors. | ||||
| CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2024-08-07 | N/A |
| Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3472 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-08-07 | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." | ||||
| CVE-2008-3356 | 1 Ingres | 1 Ingres | 2024-08-07 | N/A |
| verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. | ||||
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2024-08-07 | N/A |
| Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. | ||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2024-08-07 | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | ||||
| CVE-2008-3300 | 1 Alphadmin | 1 Alphadmin Cms | 2024-08-07 | N/A |
| AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2024-08-07 | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | ||||
| CVE-2008-3268 | 1 Brickhost | 1 Phpscheduleit | 2024-08-07 | N/A |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3273 | 2 Jboss, Redhat | 3 Enterprise Application Platform, Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2024-08-07 | N/A |
| JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | ||||