Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
24-03-2020 - 18:19 08-07-2008 - 23:41
CVE-2008-3614 6.8
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
30-10-2018 - 16:25 11-09-2008 - 01:13
CVE-2008-2327 6.8
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file,
11-10-2018 - 20:40 27-08-2008 - 20:41
CVE-2008-1657 6.5
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
11-10-2018 - 20:35 02-04-2008 - 18:44
CVE-2008-1483 6.9
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
11-10-2018 - 20:35 24-03-2008 - 23:44
CVE-2008-1387 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
11-10-2018 - 20:33 16-04-2008 - 16:05
CVE-2008-1382 7.5
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which
11-10-2018 - 20:32 14-04-2008 - 16:05
CVE-2008-3621 9.3
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3622 4.3
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injecti
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3610 7.6
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account,
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3611 6.3
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user'
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3608 9.3
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3613 6.1
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3609 7.2
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3616 10.0
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrus
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-3619 2.1
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
08-08-2017 - 01:32 16-09-2008 - 23:00
CVE-2008-2713 5.0
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
08-08-2017 - 01:31 16-06-2008 - 21:41
CVE-2008-3215 5.0
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
08-08-2017 - 01:31 18-07-2008 - 16:41
CVE-2008-2329 1.9
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-1837 5.0
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2008-2332 9.3
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-2330 4.9
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "ins
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-1833 7.5
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
08-08-2017 - 01:30 16-04-2008 - 15:05
CVE-2008-1835 5.0
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2008-2312 4.9
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-2331 5.0
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that w
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-1836 4.3
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2008-2305 9.3
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
08-08-2017 - 01:30 16-09-2008 - 23:00
CVE-2008-0314 7.5
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
08-08-2017 - 01:29 16-04-2008 - 15:05
CVE-2008-1100 10.0
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
08-08-2017 - 01:29 14-04-2008 - 16:05
Back to Top Mark selected
Back to Top