The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2008-0056 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0055 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | High | Mar 19, 2008 | n/a |
CVE-2008-0054 | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0053 | Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation." | High | Mar 19, 2008 | n/a |
CVE-2008-0052 | CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0051 | Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0050 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | Medium | Mar 25, 2008 | n/a |
CVE-2008-0049 | AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | Low | Mar 25, 2008 | n/a |
CVE-2008-0048 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0047 | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | High | Mar 25, 2008 | n/a |
CVE-2008-0046 | The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0045 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | High | Mar 19, 2008 | n/a |
CVE-2008-0044 | Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | Medium | Mar 19, 2008 | n/a |
CVE-2008-0043 | Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | High | Feb 8, 2008 | n/a |
CVE-2008-0042 | Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | Medium | Feb 12, 2008 | n/a |
CVE-2008-0041 | Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | Medium | Feb 12, 2008 | n/a |
CVE-2008-0040 | Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. | High | Feb 12, 2008 | n/a |
CVE-2008-0039 | Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | Medium | Feb 12, 2008 | n/a |
CVE-2008-0038 | Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | Low | Feb 12, 2008 | n/a |
CVE-2008-0037 | X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | Medium | Feb 12, 2008 | n/a |
CVE-2008-0036 | Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | Medium | Jan 16, 2008 | n/a |
CVE-2008-0035 | Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2 and iPod touch 1.1 through 1.1.2 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. | Medium | Feb 13, 2008 | n/a |
CVE-2008-0034 | Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | Medium | Jan 16, 2008 | n/a |
CVE-2008-0033 | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. | High | Jan 21, 2008 | n/a |
CVE-2008-0032 | Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | Medium | Jan 16, 2008 | n/a |
CVE-2008-0031 | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | Medium | Jan 16, 2008 | n/a |
CVE-2008-0030 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2008-0029 | Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | High | Jan 23, 2008 | n/a |
CVE-2008-0028 | Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | High | Feb 1, 2008 | n/a |
CVE-2008-0027 | Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | High | Jan 17, 2008 | n/a |
CVE-2008-0026 | SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | Medium | Sep 5, 2008 | n/a |
CVE-2008-0020 | Unspecified vulnerability in the Microsoft Video ActiveX control in msvidctl.dll allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, a different vulnerability than CVE-2008-0015. | High | Jul 8, 2009 | n/a |
CVE-2008-0017 | The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. | High | Nov 17, 2008 | n/a |
CVE-2008-0016 | Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | High | Oct 1, 2008 | n/a |
CVE-2008-0015 | Stack-based buffer overflow in MPEG2TuneRequest in the Microsoft Video ActiveX control in msvidctl.dll in Microsoft DirectShow in Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009. | High | Jul 15, 2009 | n/a |
CVE-2008-0014 | Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\'s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. | High | Nov 18, 2008 | n/a |
CVE-2008-0013 | Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\'s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. | High | Nov 18, 2008 | n/a |
CVE-2008-0012 | Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\'s configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. | High | Nov 18, 2008 | n/a |
CVE-2008-0011 | Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the MJPEG Decoder Vulnerability. | High | Jun 12, 2008 | n/a |
CVE-2008-0010 | The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. | Low | Feb 12, 2008 | n/a |
CVE-2008-0009 | The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. | Low | Feb 12, 2008 | n/a |
CVE-2008-0008 | The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. | High | Feb 1, 2008 | n/a |
CVE-2008-0007 | Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. | High | Feb 8, 2008 | n/a |
CVE-2008-0006 | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | High | Feb 1, 2008 | n/a |
CVE-2008-0005 | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | Medium | Jan 14, 2008 | n/a |
CVE-2008-0004 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | REJECT | Mar 26, 2009 | n/a |
CVE-2008-0003 | Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), , when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. | High | Feb 26, 2008 | n/a |
CVE-2008-0002 | Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. | Medium | Feb 12, 2008 | n/a |
CVE-2008-0001 | VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. | Low | Feb 11, 2008 | n/a |
CVE-2007-20001 | A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20. | MEDIUM | Feb 11, 2022 | n/a |