| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
451 |
CVE-2008-2599 |
|
|
|
2008-07-15 |
2012-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2598. |
|
452 |
CVE-2008-2598 |
|
|
|
2008-07-15 |
2012-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2599. |
|
453 |
CVE-2008-2597 |
|
|
|
2008-07-15 |
2012-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599. |
|
454 |
CVE-2008-2596 |
|
|
|
2008-07-15 |
2012-10-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors. |
|
455 |
CVE-2008-2595 |
|
|
DoS |
2008-07-15 |
2017-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference. |
|
456 |
CVE-2008-2594 |
|
|
|
2008-07-15 |
2019-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593. |
|
457 |
CVE-2008-2593 |
|
|
|
2008-07-15 |
2021-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594. |
|
458 |
CVE-2008-2592 |
|
|
Sql |
2008-07-15 |
2018-10-11 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure. |
|
459 |
CVE-2008-2591 |
|
|
|
2008-07-15 |
2012-10-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. |
|
460 |
CVE-2008-2590 |
|
|
|
2008-07-15 |
2012-10-23 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors. |
|
461 |
CVE-2008-2589 |
|
|
Exec Code Sql |
2008-07-15 |
2018-10-11 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure. |
|
462 |
CVE-2008-2587 |
|
|
|
2008-07-15 |
2012-10-23 |
1.5 |
None |
Local |
Medium |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors. |
|
463 |
CVE-2008-2586 |
|
|
|
2008-07-15 |
2016-11-22 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606. |
|
464 |
CVE-2008-2585 |
|
|
|
2008-07-15 |
2012-10-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors. |
|
465 |
CVE-2008-2583 |
|
|
|
2008-07-15 |
2012-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors. |
|
466 |
CVE-2008-2582 |
|
|
|
2008-07-15 |
2017-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors. |
|
467 |
CVE-2008-2581 |
|
|
|
2008-07-15 |
2017-08-08 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer. |
|
468 |
CVE-2008-2580 |
|
|
|
2008-07-15 |
2017-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors. |
|
469 |
CVE-2008-2579 |
|
|
|
2008-07-15 |
2020-10-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors. |
|
470 |
CVE-2008-2578 |
|
|
|
2008-07-15 |
2017-08-08 |
4.3 |
None |
Local |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. |
|
471 |
CVE-2008-2577 |
|
|
|
2008-07-15 |
2017-08-08 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors. |
|
472 |
CVE-2008-2576 |
|
|
|
2008-07-15 |
2021-04-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors. |
|
473 |
CVE-2008-2463 |
94 |
1
|
Exec Code |
2008-07-07 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
|
474 |
CVE-2008-2430 |
189 |
|
Exec Code Overflow |
2008-07-07 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. |
|
475 |
CVE-2008-2376 |
189 |
|
DoS Overflow |
2008-07-09 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. |
|
476 |
CVE-2008-2375 |
399 |
|
DoS |
2008-07-09 |
2018-10-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. |
|
477 |
CVE-2008-2374 |
20 |
|
DoS |
2008-07-07 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. |
|
478 |
CVE-2008-2372 |
20 |
|
DoS |
2008-07-02 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." |
|
479 |
CVE-2008-2371 |
119 |
|
DoS Exec Code Overflow |
2008-07-07 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. |
|
480 |
CVE-2008-2318 |
200 |
|
+Info |
2008-07-14 |
2017-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. |
|
481 |
CVE-2008-2317 |
399 |
|
DoS Exec Code |
2008-07-14 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. |
|
482 |
CVE-2008-2314 |
264 |
|
|
2008-07-01 |
2020-02-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. |
|
483 |
CVE-2008-2313 |
264 |
|
+Priv |
2008-07-01 |
2017-08-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. |
|
484 |
CVE-2008-2311 |
362 |
|
Exec Code |
2008-07-01 |
2017-08-08 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. |
|
485 |
CVE-2008-2310 |
134 |
|
DoS Exec Code |
2008-07-01 |
2017-08-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. |
|
486 |
CVE-2008-2309 |
264 |
|
Exec Code |
2008-07-01 |
2017-08-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. |
|
487 |
CVE-2008-2308 |
264 |
|
DoS +Priv Mem. Corr. |
2008-07-01 |
2017-08-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. |
|
488 |
CVE-2008-2304 |
119 |
|
DoS Exec Code Overflow |
2008-07-14 |
2018-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters. |
|
489 |
CVE-2008-2303 |
189 |
|
DoS Exec Code |
2008-07-14 |
2017-08-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. |
|
490 |
CVE-2008-2248 |
79 |
|
XSS |
2008-07-08 |
2020-04-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. |
|
491 |
CVE-2008-2247 |
79 |
|
XSS |
2008-07-08 |
2020-04-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. |
|
492 |
CVE-2008-2244 |
399 |
|
Exec Code |
2008-07-09 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. |
|
493 |
CVE-2008-2232 |
264 |
|
+Priv |
2008-07-17 |
2017-08-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname. |
|
494 |
CVE-2008-1946 |
264 |
|
+Priv |
2008-07-28 |
2017-09-29 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. |
|
495 |
CVE-2008-1809 |
119 |
|
Exec Code Overflow |
2008-07-14 |
2017-08-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." |
|
496 |
CVE-2008-1678 |
399 |
|
DoS |
2008-07-10 |
2017-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. |
|
497 |
CVE-2008-1676 |
255 |
|
Bypass |
2008-07-07 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. |
|
498 |
CVE-2008-1667 |
189 |
|
|
2008-07-29 |
2017-08-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode. |
|
499 |
CVE-2008-1666 |
|
|
|
2008-07-17 |
2011-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update. |
|
500 |
CVE-2008-1665 |
|
|
Exec Code |
2008-07-17 |
2017-08-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors. |
