Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-14 | CVE-2008-3688 | Use of Uninitialized Resource vulnerability in Havp Http Antivirus Proxy 0.88 sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | 7.5 |
| 2008-08-12 | CVE-2008-3597 | NULL Pointer Dereference vulnerability in Skulltag 0.97D2 Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | 7.5 |
| 2008-08-05 | CVE-2008-3431 | Unspecified vulnerability in Oracle Virtualbox 1.6.0/1.6.2 The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | 8.8 |
| 2008-08-01 | CVE-2008-3438 | Download of Code Without Integrity Check vulnerability in Apple mac OS X Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 8.1 |
| 2008-07-24 | CVE-2008-3289 | Cleartext Transmission of Sensitive Information vulnerability in Storcentric Retrospect Backup Client 7.5.116 EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | 7.5 |
| 2008-07-22 | CVE-2008-3188 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Opensuse 11.0 libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords. | 7.5 |
| 2008-07-18 | CVE-2008-2934 | Use of Uninitialized Resource vulnerability in multiple products Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | 8.8 |
| 2008-07-09 | CVE-2008-2931 | Improper Privilege Management vulnerability in multiple products The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | 7.8 |
| 2008-07-09 | CVE-2008-2812 | NULL Pointer Dereference vulnerability in multiple products The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. | 7.8 |
| 2008-05-13 | CVE-2008-0322 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows XP The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. | 7.8 |