CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-5001 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
2 CVE-2007-5495 59 2008-05-23 2017-09-29
4.4
None Local Medium Not required Partial Partial Partial
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
3 CVE-2007-5496 79 XSS 2008-05-23 2017-09-29
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.
4 CVE-2007-5498 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
5 CVE-2007-5803 79 XSS 2008-05-13 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
6 CVE-2007-5961 79 XSS 2008-05-23 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
7 CVE-2007-5962 399 DoS 2008-05-22 2018-10-15
7.1
None Remote Medium Not required None None Complete
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
8 CVE-2007-6282 16 DoS 2008-05-08 2017-09-29
7.1
None Remote Medium Not required None None Complete
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
9 CVE-2007-6339 94 Exec Code 2008-05-01 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
10 CVE-2008-0119 94 Exec Code Mem. Corr. 2008-05-13 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
11 CVE-2008-0166 310 2008-05-13 2022-02-02
7.8
None Remote Low Not required Complete None None
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
12 CVE-2008-0167 59 Bypass 2008-05-18 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.
13 CVE-2008-0322 264 Exec Code +Priv 2008-05-13 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
14 CVE-2008-0534 20 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.
15 CVE-2008-0535 255 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.
16 CVE-2008-0536 287 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
17 CVE-2008-0599 Exec Code 2008-05-05 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
18 CVE-2008-0713 DoS 2008-05-13 2017-09-29
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
19 CVE-2008-0891 189 DoS 2008-05-29 2017-08-08
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
20 CVE-2008-0955 119 Exec Code Overflow 2008-05-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
21 CVE-2008-0957 119 Exec Code Overflow 2008-05-20 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.
22 CVE-2008-0958 119 Exec Code Overflow 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.
23 CVE-2008-0959 119 Exec Code Overflow 2008-05-29 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.
24 CVE-2008-1091 94 Exec Code Overflow 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
25 CVE-2008-1104 119 Exec Code Overflow 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
26 CVE-2008-1105 119 Exec Code Overflow 2008-05-29 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
27 CVE-2008-1158 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
28 CVE-2008-1159 DoS 2008-05-22 2017-09-29
7.1
None Remote Medium Not required None None Complete
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
29 CVE-2008-1294 20 Bypass 2008-05-02 2018-10-30
2.1
None Local Low Not required None None Partial
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
30 CVE-2008-1375 362 DoS +Priv 2008-05-02 2020-08-26
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
31 CVE-2008-1381 94 Exec Code 2008-05-01 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
32 CVE-2008-1419 20 DoS Overflow 2008-05-16 2017-09-29
4.3
None Remote Medium Not required None None Partial
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
33 CVE-2008-1420 189 Exec Code Overflow 2008-05-16 2018-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
34 CVE-2008-1423 189 DoS Exec Code Overflow 2008-05-16 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
35 CVE-2008-1434 399 Exec Code Mem. Corr. 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
36 CVE-2008-1437 399 DoS 2008-05-13 2018-10-12
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
37 CVE-2008-1438 399 DoS 2008-05-13 2018-10-12
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
38 CVE-2008-1615 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
39 CVE-2008-1659 +Priv 2008-05-08 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
40 CVE-2008-1660 2008-05-21 2017-09-29
6.3
None Local Medium Not required Complete Complete None
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
41 CVE-2008-1669 94 Exec Code 2008-05-08 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
42 CVE-2008-1672 476 DoS 2008-05-29 2022-02-02
4.3
None Remote Medium Not required None None Partial
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
43 CVE-2008-1675 399 2008-05-02 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
44 CVE-2008-1677 120 DoS Exec Code Overflow 2008-05-12 2022-02-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
45 CVE-2008-1740 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
46 CVE-2008-1741 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
47 CVE-2008-1742 399 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
48 CVE-2008-1743 399 DoS 2008-05-16 2018-10-31
7.8
None Remote Low Not required None None Complete
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
49 CVE-2008-1744 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
50 CVE-2008-1745 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
Total number of vulnerabilities : 383   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.