Filtered by vendor
Subscriptions
Total
316 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2024-11-21 | N/A |
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | ||||
CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2024-11-21 | N/A |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | ||||
CVE-2008-4311 | 1 Freedesktop | 1 Dbus | 2024-11-21 | N/A |
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply. | ||||
CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | N/A |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | ||||
CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2024-11-21 | N/A |
PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. | ||||
CVE-2008-4100 | 1 Gnu | 1 Adns | 2024-11-21 | N/A |
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment. | ||||
CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2024-11-21 | N/A |
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | N/A |
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | ||||
CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2024-11-21 | N/A |
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | ||||
CVE-2008-3228 | 1 Joomla | 1 Joomla | 2024-11-21 | N/A |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | ||||
CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2024-11-21 | N/A |
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | ||||
CVE-2008-3115 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | N/A |
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. | ||||
CVE-2008-2366 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2024-11-21 | N/A |
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | ||||
CVE-2008-2359 | 2 Fedora 8, Redhat | 2 Consolehelper, Fedora 8 | 2024-11-21 | N/A |
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. | ||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | ||||
CVE-2008-2121 | 1 Sun | 1 Sunos | 2024-11-21 | N/A |
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. | ||||
CVE-2008-2089 | 1 Sun | 1 Solaris | 2024-11-21 | N/A |
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | ||||
CVE-2008-2060 | 1 Cisco | 1 Intrusion Prevention System | 2024-11-21 | N/A |
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames." | ||||
CVE-2008-1923 | 1 Asterisk | 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more | 2024-11-21 | N/A |
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. | ||||
CVE-2008-1778 | 1 Sun | 1 Sunos | 2024-11-21 | N/A |
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. |