CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2008-2599 2008-07-15 2012-10-23
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2598.
452 CVE-2008-2598 2008-07-15 2012-10-23
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2599.
453 CVE-2008-2597 2008-07-15 2012-10-23
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599.
454 CVE-2008-2596 2008-07-15 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors.
455 CVE-2008-2595 DoS 2008-07-15 2017-09-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.
456 CVE-2008-2594 2008-07-15 2019-10-09
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593.
457 CVE-2008-2593 2008-07-15 2021-07-13
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.
458 CVE-2008-2592 Sql 2008-07-15 2018-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.
459 CVE-2008-2591 2008-07-15 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors.
460 CVE-2008-2590 2008-07-15 2012-10-23
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.
461 CVE-2008-2589 Exec Code Sql 2008-07-15 2018-10-11
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.
462 CVE-2008-2587 2008-07-15 2012-10-23
1.5
None Local Medium ??? Partial None None
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors.
463 CVE-2008-2586 2008-07-15 2016-11-22
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606.
464 CVE-2008-2585 2008-07-15 2012-10-23
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.
465 CVE-2008-2583 2008-07-15 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors.
466 CVE-2008-2582 2008-07-15 2017-08-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
467 CVE-2008-2581 2008-07-15 2017-08-08
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
468 CVE-2008-2580 2008-07-15 2017-08-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
469 CVE-2008-2579 2008-07-15 2020-10-14
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
470 CVE-2008-2578 2008-07-15 2017-08-08
4.3
None Local Low ??? Partial Partial Partial
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.
471 CVE-2008-2577 2008-07-15 2017-08-08
4.6
None Remote High ??? Partial Partial Partial
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors.
472 CVE-2008-2576 2008-07-15 2021-04-21
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors.
473 CVE-2008-2463 94 1 Exec Code 2008-07-07 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
474 CVE-2008-2430 189 Exec Code Overflow 2008-07-07 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
475 CVE-2008-2376 189 DoS Overflow 2008-07-09 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
476 CVE-2008-2375 399 DoS 2008-07-09 2018-10-11
7.1
None Remote Medium Not required None None Complete
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
477 CVE-2008-2374 20 DoS 2008-07-07 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
478 CVE-2008-2372 20 DoS 2008-07-02 2017-09-29
4.9
None Local Low Not required None None Complete
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
479 CVE-2008-2371 119 DoS Exec Code Overflow 2008-07-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
480 CVE-2008-2318 200 +Info 2008-07-14 2017-08-08
5.0
None Remote Low Not required Partial None None
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
481 CVE-2008-2317 399 DoS Exec Code 2008-07-14 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
482 CVE-2008-2314 264 2008-07-01 2020-02-10
4.4
None Local Medium Not required Partial Partial Partial
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
483 CVE-2008-2313 264 +Priv 2008-07-01 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.
484 CVE-2008-2311 362 Exec Code 2008-07-01 2017-08-08
7.6
None Remote High Not required Complete Complete Complete
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
485 CVE-2008-2310 134 DoS Exec Code 2008-07-01 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
486 CVE-2008-2309 264 Exec Code 2008-07-01 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
487 CVE-2008-2308 264 DoS +Priv Mem. Corr. 2008-07-01 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
488 CVE-2008-2304 119 DoS Exec Code Overflow 2008-07-14 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.
489 CVE-2008-2303 189 DoS Exec Code 2008-07-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
490 CVE-2008-2248 79 XSS 2008-07-08 2020-04-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.
491 CVE-2008-2247 79 XSS 2008-07-08 2020-04-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.
492 CVE-2008-2244 399 Exec Code 2008-07-09 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
493 CVE-2008-2232 264 +Priv 2008-07-17 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.
494 CVE-2008-1946 264 +Priv 2008-07-28 2017-09-29
4.4
None Local Medium Not required Partial Partial Partial
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
495 CVE-2008-1809 119 Exec Code Overflow 2008-07-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."
496 CVE-2008-1678 399 DoS 2008-07-10 2017-09-29
5.0
None Remote Low Not required None None Partial
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
497 CVE-2008-1676 255 Bypass 2008-07-07 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
498 CVE-2008-1667 189 2008-07-29 2017-08-08
7.8
None Remote Low Not required None None Complete
The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode.
499 CVE-2008-1666 2008-07-17 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update.
500 CVE-2008-1665 Exec Code 2008-07-17 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors.
Total number of vulnerabilities : 517   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.