Total
2548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4268 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-11-21 | 8.5 HIGH | N/A |
| The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." | |||||
| CVE-2008-4266 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability." | |||||
| CVE-2008-4265 | 1 Microsoft | 6 20007 Office System, Office, Office Compatibility Pack For Word Excel Ppt 2007 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." | |||||
| CVE-2008-4264 | 1 Microsoft | 6 20007 Office System, Office, Office Compatibility Pack For Word Excel Ppt 2007 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." | |||||
| CVE-2008-4261 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
| CVE-2008-4260 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-11-21 | 8.5 HIGH | N/A |
| Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2008-4259 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." | |||||
| CVE-2008-4258 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-11-21 | 8.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." | |||||
| CVE-2008-4256 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2024-11-21 | 8.5 HIGH | N/A |
| The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." | |||||
| CVE-2008-4253 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2024-11-21 | 8.5 HIGH | N/A |
| The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | |||||
| CVE-2008-4246 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause a denial of service (application crash) via a crafted CTCP response. | |||||
| CVE-2008-4236 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.1 HIGH | N/A |
| Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. | |||||
| CVE-2008-4231 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2024-11-21 | 9.3 HIGH | N/A |
| Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2008-4226 | 1 Xmlsoft | 1 Libxml | 2024-11-21 | 10.0 HIGH | N/A |
| Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | |||||
| CVE-2008-4222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.1 HIGH | N/A |
| natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. | |||||
| CVE-2008-4221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 10.0 HIGH | N/A |
| The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. | |||||
| CVE-2008-4219 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. | |||||
| CVE-2008-4194 | 1 Pdnsd | 1 Pdnsd | 2024-11-21 | 5.0 MEDIUM | N/A |
| The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug." | |||||
| CVE-2008-4160 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. | |||||
| CVE-2008-4135 | 2 Nokia, S60 | 3 E90 Communicator, N82, Symbian Os | 2024-11-21 | 7.8 HIGH | N/A |
| Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames. | |||||