CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2008-1420 189 Exec Code Overflow 2008-05-16 2018-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
352 CVE-2008-1419 20 DoS Overflow 2008-05-16 2017-09-29
4.3
None Remote Medium Not required None None Partial
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
353 CVE-2008-1381 94 Exec Code 2008-05-01 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
354 CVE-2008-1375 362 DoS +Priv 2008-05-02 2020-08-26
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
355 CVE-2008-1294 20 Bypass 2008-05-02 2018-10-30
2.1
None Local Low Not required None None Partial
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
356 CVE-2008-1159 DoS 2008-05-22 2017-09-29
7.1
None Remote Medium Not required None None Complete
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
357 CVE-2008-1158 20 DoS 2008-05-16 2017-08-08
7.8
None Remote Low Not required None None Complete
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
358 CVE-2008-1105 119 Exec Code Overflow 2008-05-29 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
359 CVE-2008-1104 119 Exec Code Overflow 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
360 CVE-2008-1091 94 Exec Code Overflow 2008-05-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
361 CVE-2008-0959 119 Exec Code Overflow 2008-05-29 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter 3.9.3.2, and possibly other products, allow remote attackers to execute arbitrary code via unspecified vectors.
362 CVE-2008-0958 119 Exec Code Overflow 2008-05-29 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.
363 CVE-2008-0957 119 Exec Code Overflow 2008-05-20 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.
364 CVE-2008-0955 119 Exec Code Overflow 2008-05-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
365 CVE-2008-0891 189 DoS 2008-05-29 2017-08-08
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
366 CVE-2008-0713 DoS 2008-05-13 2017-09-29
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
367 CVE-2008-0599 Exec Code 2008-05-05 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
368 CVE-2008-0536 287 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
369 CVE-2008-0535 255 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.
370 CVE-2008-0534 20 DoS 2008-05-22 2017-08-08
7.8
None Remote Low Not required None None Complete
The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.
371 CVE-2008-0322 264 Exec Code +Priv 2008-05-13 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
372 CVE-2008-0167 59 Bypass 2008-05-18 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.
373 CVE-2008-0166 310 2008-05-13 2022-02-02
7.8
None Remote Low Not required Complete None None
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
374 CVE-2008-0119 94 Exec Code Mem. Corr. 2008-05-13 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
375 CVE-2007-6339 94 Exec Code 2008-05-01 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
376 CVE-2007-6282 16 DoS 2008-05-08 2017-09-29
7.1
None Remote Medium Not required None None Complete
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
377 CVE-2007-5962 399 DoS 2008-05-22 2018-10-15
7.1
None Remote Medium Not required None None Complete
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
378 CVE-2007-5961 79 XSS 2008-05-23 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
379 CVE-2007-5803 79 XSS 2008-05-13 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
380 CVE-2007-5498 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
381 CVE-2007-5496 79 XSS 2008-05-23 2017-09-29
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.
382 CVE-2007-5495 59 2008-05-23 2017-09-29
4.4
None Local Medium Not required Partial Partial Partial
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
383 CVE-2007-5001 399 DoS 2008-05-08 2017-09-29
4.9
None Local Low Not required None None Complete
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
Total number of vulnerabilities : 383   Page : 1 2 3 4 5 6 7 8 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.