Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 804

Количество 63 804

ubuntu логотип

CVE-2008-3698

больше 17 лет назад

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2008-3688

больше 17 лет назад

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3687

больше 17 лет назад

Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2008-3686

больше 17 лет назад

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

CVSS2: 4.9
EPSS: Низкий
ubuntu логотип

CVE-2008-3663

больше 17 лет назад

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-3662

больше 17 лет назад

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-3661

больше 17 лет назад

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-3660

больше 17 лет назад

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

CVSS2: 5
EPSS: Средний
ubuntu логотип

CVE-2008-3659

больше 17 лет назад

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

CVSS2: 6.4
EPSS: Средний
ubuntu логотип

CVE-2008-3658

больше 17 лет назад

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3657

больше 17 лет назад

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3656

больше 17 лет назад

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

CVSS2: 7.8
EPSS: Высокий
ubuntu логотип

CVE-2008-3655

больше 17 лет назад

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3654

больше 17 лет назад

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-3653

больше 17 лет назад

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2008-3652

больше 17 лет назад

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

CVSS2: 7.8
EPSS: Средний
ubuntu логотип

CVE-2008-3651

больше 17 лет назад

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2008-3650

больше 17 лет назад

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

CVSS2: 9
EPSS: Низкий
ubuntu логотип

CVE-2008-3641

больше 17 лет назад

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVSS2: 10
EPSS: Средний
ubuntu логотип

CVE-2008-3640

больше 17 лет назад

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVSS2: 6.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2008-3698

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3688

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

CVSS3: 7.5
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3687

Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.

CVSS2: 6.8
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3686

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

CVSS2: 4.9
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3662

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
1%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3661

Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS2: 5
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3660

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

CVSS2: 5
16%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3659

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

CVSS2: 6.4
14%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3658

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVSS2: 7.5
11%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

CVSS2: 7.5
25%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

CVSS2: 7.8
73%
Высокий
больше 17 лет назад
ubuntu логотип
CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

CVSS2: 7.5
39%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3654

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

CVSS2: 5
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3653

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

CVSS2: 10
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3652

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

CVSS2: 7.8
21%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3651

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

CVSS2: 4
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

CVSS2: 9
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3641

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVSS2: 10
48%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3640

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVSS2: 6.8
9%
Низкий
больше 17 лет назад

Уязвимостей на страницу