Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 796

Количество 63 796

ubuntu логотип

CVE-2008-4576

больше 17 лет назад

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.

CVSS2: 7.8
EPSS: Низкий
ubuntu логотип

CVE-2008-4575

больше 17 лет назад

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-4571

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2008-4558

больше 17 лет назад

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

CVSS2: 6.8
EPSS: Средний
ubuntu логотип

CVE-2008-4555

больше 17 лет назад

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.

CVSS2: 8.5
EPSS: Низкий
ubuntu логотип

CVE-2008-4554

больше 17 лет назад

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

CVSS2: 4.6
EPSS: Низкий
ubuntu логотип

CVE-2008-4553

больше 17 лет назад

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-4552

больше 17 лет назад

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-4551

больше 17 лет назад

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-4546

больше 17 лет назад

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2008-4539

около 17 лет назад

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-4514

больше 17 лет назад

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-4503

больше 17 лет назад

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2008-4482

больше 17 лет назад

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

CVSS2: 7.8
EPSS: Низкий
ubuntu логотип

CVE-2008-4477

больше 17 лет назад

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-4476

больше 17 лет назад

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

CVSS2: 6.9
EPSS: Низкий
ubuntu логотип

CVE-2008-4475

больше 17 лет назад

ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-4474

больше 17 лет назад

freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-4456

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2008-4445

больше 17 лет назад

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

CVSS2: 4.7
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2008-4576

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.

CVSS2: 7.8
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4575

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."

CVSS2: 5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4571

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4558

Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

CVSS2: 6.8
20%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-4555

Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.

CVSS2: 8.5
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4554

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

CVSS2: 4.6
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4553

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4552

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

CVSS2: 5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4546

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

CVSS2: 4.3
36%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

CVSS2: 7.2
0%
Низкий
около 17 лет назад
ubuntu логотип
CVE-2008-4514

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.

CVSS2: 5
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4503

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."

CVSS2: 6.8
9%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

CVSS2: 7.8
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4477

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4476

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

CVSS2: 6.9
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4475

ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4474

freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4456

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

CVSS2: 2.6
6%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-4445

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

CVSS2: 4.7
0%
Низкий
больше 17 лет назад

Уязвимостей на страницу