Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5844 | 1 Php | 1 Php | 2024-08-07 | N/A |
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. | ||||
CVE-2008-5827 | 1 Nokia | 1 6131 Nfc | 2024-08-07 | N/A |
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag. | ||||
CVE-2008-5710 | 1 Avaya | 1 Communication Manager | 2024-08-07 | N/A |
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. | ||||
CVE-2008-5277 | 1 Powerdns | 1 Powerdns | 2024-08-07 | N/A |
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | ||||
CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2024-08-07 | N/A |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | ||||
CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2024-08-07 | N/A |
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | ||||
CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | ||||
CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2024-08-07 | N/A |
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
CVE-2008-4100 | 1 Gnu | 1 Adns | 2024-08-07 | N/A |
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment. | ||||
CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-07 | N/A |
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | ||||
CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2024-08-07 | N/A |
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | ||||
CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2024-08-07 | N/A |
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | ||||
CVE-2008-3228 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | ||||
CVE-2008-3115 | 1 Sun | 2 Jdk, Jre | 2024-08-07 | N/A |
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. | ||||
CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2024-08-07 | N/A |
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | ||||
CVE-2008-2366 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2024-08-07 | N/A |
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | ||||
CVE-2008-2121 | 1 Sun | 1 Sunos | 2024-08-07 | N/A |
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | ||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | ||||
CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2024-08-07 | N/A |
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames." | ||||
CVE-2008-2089 | 1 Sun | 1 Solaris | 2024-08-07 | N/A |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. |