Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-10 | CVE-2008-4533 | Cross-Site Scripting vulnerability in Katan web Server 1.6 Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2008-10-10 | CVE-2008-4394 | Local Privilege Escalation vulnerability in Gentoo 'sys-apps/portage' Search Path Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. local gentoo | 6.9 |
| 2008-10-10 | CVE-2008-4215 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.4.11 Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | 7.5 |
| 2008-10-10 | CVE-2008-4214 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | 4.6 |
| 2008-10-10 | CVE-2008-4212 | Configuration vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | 10.0 |
| 2008-10-10 | CVE-2008-4211 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." | 10.0 |
| 2008-10-10 | CVE-2008-3647 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. | 9.3 |
| 2008-10-10 | CVE-2008-3646 | Race Condition vulnerability in Apple mac OS X 10.5.5 The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | 6.8 |
| 2008-10-10 | CVE-2008-3645 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. | 7.2 |
| 2008-10-10 | CVE-2008-3643 | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-007 Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." | 7.8 |