Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
| 2008-09-11 | CVE-2008-3612 | Use of Insufficiently Random Values vulnerability in Apple Iphone OS 2.0.0/2.0.1/2.0.2 The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection. | 9.8 |
| 2008-09-04 | CVE-2007-6716 | fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | 5.5 |
| 2008-08-29 | CVE-2008-3282 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | 7.8 |
| 2008-08-27 | CVE-2008-3281 | XML Entity Expansion vulnerability in multiple products libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | 6.5 |
| 2008-08-27 | CVE-2008-2433 | Use of Insufficiently Random Values vulnerability in Trendmicro products The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. | 9.8 |
| 2008-08-22 | CVE-2008-3775 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Newsoftwares Folder Lock Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value. | 4.4 |
| 2008-08-18 | CVE-2008-3324 | Download of Code Without Integrity Check vulnerability in Party Gaming Party Poker Client 121120 The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | 8.1 |
| 2008-08-14 | CVE-2008-3688 | Use of Uninitialized Resource vulnerability in Havp Http Antivirus Proxy 0.88 sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | 7.5 |
| 2008-08-14 | CVE-2008-2369 | Use of Hard-coded Credentials vulnerability in Redhat Satellite manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | 9.1 |