CVE-2008-1672
- EPSS 5%
- Veröffentlicht 29.05.2008 16:32:00
- Zuletzt bearbeitet 16.06.2026 22:52:13
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
CVE-2008-2009
- EPSS 3.51%
- Veröffentlicht 16.05.2008 12:54:00
- Zuletzt bearbeitet 16.06.2026 22:52:55
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tre...
CVE-2008-2136
- EPSS 4.93%
- Veröffentlicht 16.05.2008 12:54:00
- Zuletzt bearbeitet 16.06.2026 22:53:10
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT...
CVE-2008-0166
- EPSS 70.72%
- Veröffentlicht 13.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:03
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp...
CVE-2008-2108
- EPSS 4.29%
- Veröffentlicht 07.05.2008 21:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:07
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...
- EPSS 10.92%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:57
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-2079
- EPSS 2.59%
- Veröffentlicht 05.05.2008 16:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:03
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume...
CVE-2008-1375
- EPSS 0.31%
- Veröffentlicht 02.05.2008 16:05:00
- Zuletzt bearbeitet 16.06.2026 22:51:36
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2008-1887
- EPSS 6.29%
- Veröffentlicht 18.04.2008 17:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:41
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse...
CVE-2008-1721
- EPSS 22.62%
- Veröffentlicht 10.04.2008 19:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:21
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.