CVE-2008-2374
- EPSS 4.29%
- Veröffentlicht 07.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:39
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspeci...
- EPSS 12.71%
- Veröffentlicht 13.06.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:38
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service...
CVE-2008-2575
- EPSS 2.65%
- Veröffentlicht 06.06.2008 22:32:00
- Zuletzt bearbeitet 16.06.2026 22:54:01
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2008-2108
- EPSS 4.29%
- Veröffentlicht 07.05.2008 21:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:07
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...
- EPSS 10.92%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:57
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-1375
- EPSS 0.31%
- Veröffentlicht 02.05.2008 16:05:00
- Zuletzt bearbeitet 16.06.2026 22:51:36
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2008-1567
- EPSS 0.3%
- Veröffentlicht 31.03.2008 22:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:59
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2008-0062
- EPSS 10.14%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...
CVE-2008-0063
- EPSS 3.48%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
- EPSS 18.16%
- Veröffentlicht 04.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:05
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access a...