Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1139 | 1 Deslock | 1 Deslock | 2024-08-07 | N/A |
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability. | ||||
CVE-2008-1095 | 1 Sun | 2 Solaris, Sunos | 2024-08-07 | N/A |
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. | ||||
CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | ||||
CVE-2008-1099 | 1 Moinmoin | 1 Moinmoin | 2024-08-07 | N/A |
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. | ||||
CVE-2008-1033 | 1 Apple | 3 Cups, Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." | ||||
CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | ||||
CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2024-08-07 | N/A |
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | ||||
CVE-2008-0928 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-07 | N/A |
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. | ||||
CVE-2008-0864 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-08-07 | N/A |
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | ||||
CVE-2008-0896 | 1 Bea Systems | 1 Weblogic Portal | 2024-08-07 | N/A |
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | ||||
CVE-2008-0865 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | ||||
CVE-2008-0900 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Express | 2024-08-07 | N/A |
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. | ||||
CVE-2008-0910 | 1 F-secure | 8 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus For Linux and 5 more | 2024-08-07 | N/A |
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. | ||||
CVE-2008-0890 | 1 Redhat | 1 Directory Server | 2024-08-07 | N/A |
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. | ||||
CVE-2008-0898 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. | ||||
CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2024-08-07 | N/A |
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | ||||
CVE-2008-0897 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. | ||||
CVE-2008-0893 | 1 Redhat | 1 Directory Server | 2024-08-07 | N/A |
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions. | ||||
CVE-2008-0862 | 1 Ibm | 1 Lotus Notes | 2024-08-07 | N/A |
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | ||||
CVE-2008-0843 | 1 Statcountex | 1 Statcountex | 2024-08-07 | N/A |
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | ||||