Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-13 | CVE-2008-4989 | Improper Certificate Validation vulnerability in multiple products The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | 5.9 |
| 2008-11-12 | CVE-2008-5044 | Race Condition vulnerability in Microsoft Windows Server 2003 and Windows Vista Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. | 4.0 |
| 2008-11-12 | CVE-2008-4033 | Information Exposure vulnerability in Microsoft XML Core Services Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." | 4.3 |
| 2008-11-12 | CVE-2008-5039 | Cross-Site Scripting vulnerability in PHP-Nuke League Module 2.4 Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php. | 4.3 |
| 2008-11-10 | CVE-2008-5035 | Resource Management Errors vulnerability in IBM Hardware Management Console 3.2.0/3.3.0 The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length. | 5.0 |
| 2008-11-10 | CVE-2008-5029 | Local Denial of Service vulnerability in Linux Kernel '__scm_destroy()' The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. | 4.9 |
| 2008-11-10 | CVE-2008-5027 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | 6.5 |
| 2008-11-10 | CVE-2008-5011 | Cross-Site Scripting vulnerability in IBM Lotus Quickr Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860. | 4.3 |
| 2008-11-10 | CVE-2008-5009 | Race Condition vulnerability in SUN Solstice X.25 9.2 Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file. | 4.0 |
| 2008-11-10 | CVE-2008-5007 | Link Following vulnerability in Lazarus 0.9.24 create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory. | 6.9 |