Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-04 | CVE-2008-4905 | Use of Insufficiently Random Values vulnerability in Typosphere Typo Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack. | 7.5 |
| 2008-10-15 | CVE-2008-4577 | Incorrect Authorization vulnerability in multiple products The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | 7.5 |
| 2008-10-15 | CVE-2008-3475 | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." | 8.8 |
| 2008-09-27 | CVE-2008-4197 | Use of Uninitialized Resource vulnerability in Opera Browser Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | 8.8 |
| 2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
| 2008-08-29 | CVE-2008-3282 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | 7.8 |
| 2008-08-18 | CVE-2008-3324 | Download of Code Without Integrity Check vulnerability in Party Gaming Party Poker Client 121120 The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | 8.1 |
| 2008-08-14 | CVE-2008-3688 | Use of Uninitialized Resource vulnerability in Havp Http Antivirus Proxy 0.88 sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable. | 7.5 |
| 2008-08-12 | CVE-2008-3597 | NULL Pointer Dereference vulnerability in Skulltag 0.97D2 Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | 7.5 |
| 2008-08-05 | CVE-2008-3431 | Unspecified vulnerability in Oracle Virtualbox 1.6.0/1.6.2 The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | 8.8 |