The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2008-0088 | Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. | Medium | Feb 12, 2008 |
CVE-2008-0087 | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | High | Apr 9, 2008 |
CVE-2008-0086 | Buffer overflow in the convert function in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted SQL expression. | High | Jul 14, 2008 |
CVE-2008-0085 | Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. | Medium | Jul 14, 2008 |
CVE-2008-0084 | Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. | High | Feb 12, 2008 |
CVE-2008-0083 | The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. | High | Apr 9, 2008 |
CVE-2008-0082 | An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to change state, obtain contact information, and establish audio or video connections without notification via unknown vectors. | High | Aug 14, 2008 |
CVE-2008-0081 | Unspecified vulnerability in Microsoft Excel 2004 and earlier, and Microsoft Office Excel Viewer 2003, allows remote attackers to execute arbitrary code via an Excel file with a malformed header, which triggers memory corruption. NOTE: due to lack of details from the vendor, it is not clear whether this is the same issue as CVE-2007-3490. | High | Jan 17, 2008 |
CVE-2008-0080 | Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. | High | Sep 5, 2008 |
CVE-2008-0078 | Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka Argument Handling Memory Corruption Vulnerability. | High | Sep 5, 2008 |
CVE-2008-0077 | Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka Property Memory Corruption Vulnerability. | High | Sep 5, 2008 |
CVE-2008-0076 | Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka HTML Rendering Memory Corruption Vulnerability. | High | Sep 5, 2008 |
CVE-2008-0075 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | High | Feb 12, 2008 |
CVE-2008-0074 | Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the FTPRoot, NNTPFileRoot, or WWWRoot folders. | High | Feb 12, 2008 |
CVE-2008-0073 | Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | Medium | Mar 25, 2008 |
CVE-2008-0072 | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | Medium | Sep 10, 2008 |
CVE-2008-0071 | The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | Medium | Jun 20, 2008 |
CVE-2008-0070 | Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. | Medium | Mar 31, 2008 |
CVE-2008-0069 | Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. | Medium | Apr 2, 2008 |
CVE-2008-0068 | Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. | Medium | Apr 17, 2008 |
CVE-2008-0067 | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.51 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. | High | Jan 8, 2009 |
CVE-2008-0066 | Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. | High | Apr 10, 2008 |
CVE-2008-0065 | Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. | High | Jan 23, 2008 |
CVE-2008-0064 | Stack-based buffer overflow in Pierre-Emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | High | Feb 1, 2008 |
CVE-2008-0063 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | Medium | Mar 25, 2008 |
CVE-2008-0062 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | High | Mar 20, 2008 |
CVE-2008-0061 | MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." | Medium | Jan 4, 2008 |
CVE-2008-0060 | Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | Medium | Mar 19, 2008 |
CVE-2008-0059 | Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | Medium | Mar 19, 2008 |
CVE-2008-0058 | Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | Medium | Mar 19, 2008 |
CVE-2008-0057 | Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list. | Medium | Mar 25, 2008 |
CVE-2008-0056 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | Medium | Mar 19, 2008 |
CVE-2008-0055 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | High | Mar 19, 2008 |
CVE-2008-0054 | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | Medium | Mar 19, 2008 |
CVE-2008-0053 | Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X 10.5.2 has unknown impact and attack vectors related to "input validation." | High | Mar 19, 2008 |
CVE-2008-0052 | CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | Medium | Mar 19, 2008 |
CVE-2008-0051 | Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | Medium | Mar 19, 2008 |
CVE-2008-0050 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | Medium | Mar 25, 2008 |
CVE-2008-0049 | AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | Low | Mar 25, 2008 |
CVE-2008-0048 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API. | Medium | Mar 19, 2008 |
CVE-2008-0047 | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | High | Mar 25, 2008 |
CVE-2008-0046 | The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | Medium | Mar 19, 2008 |
CVE-2008-0045 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | High | Mar 19, 2008 |
CVE-2008-0044 | Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | Medium | Mar 19, 2008 |
CVE-2008-0043 | Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | High | Feb 8, 2008 |
CVE-2008-0042 | Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | Medium | Feb 12, 2008 |
CVE-2008-0041 | Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | Medium | Feb 12, 2008 |
CVE-2008-0040 | Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. | High | Feb 12, 2008 |
CVE-2008-0039 | Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | Medium | Feb 12, 2008 |
CVE-2008-0038 | Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | Low | Feb 12, 2008 |