Total
29592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4869 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2024-11-21 | 10.0 HIGH | N/A |
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | |||||
| CVE-2008-4868 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | |||||
| CVE-2008-4841 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Xp and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | |||||
| CVE-2008-4816 | 2 Adobe, Microsoft | 4 Acrobat, Acrobat Reader, Download Manager and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | |||||
| CVE-2008-4809 | 1 Ibm | 1 Lotus Connections | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 HIGH | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | |||||
| CVE-2008-4731 | 1 Michael Christen | 1 Yacy | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors. | |||||
| CVE-2008-4722 | 1 Sun | 37 Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System and 34 more | 2024-11-21 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors. | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2024-11-21 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-11-21 | 10.0 HIGH | N/A |
| The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
| CVE-2008-4691 | 1 Ibm | 1 Db2 | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | |||||
| CVE-2008-4690 | 1 Lynx | 1 Lynx | 2024-11-21 | 10.0 HIGH | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | |||||
| CVE-2008-4676 | 1 Citrix | 3 Access Essentials, Presentation Server, Xenapp | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. | |||||
| CVE-2008-4641 | 1 Sentex | 1 Jhead | 2024-11-21 | 10.0 HIGH | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||||
| CVE-2008-4640 | 1 Sentex | 1 Jhead | 2024-11-21 | 3.6 LOW | N/A |
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | |||||
| CVE-2008-4639 | 1 Sentex | 1 Jhead | 2024-11-21 | 4.6 MEDIUM | N/A |
| jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2008-4630 | 1 Midgard | 1 Midgard Components Framework | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors. | |||||
| CVE-2008-4619 | 1 Sun | 1 Sunos | 2024-11-21 | 10.0 HIGH | N/A |
| The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165. | |||||
| CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 HIGH | N/A |
| The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. | |||||
| CVE-2008-4615 | 1 Portalapp | 1 Portalapp | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors. | |||||