Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1572 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
CVE-2008-1592 3 Hp, Ibm, Tandem Computers 3 Nonstop, Websphere Mq, Tandem Operating System 2026-04-23 N/A
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
CVE-2008-1593 1 Ibm 1 Aix 2026-04-23 N/A
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
CVE-2008-1595 1 Ibm 1 Aix 2026-04-23 N/A
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
CVE-2008-1596 1 Ibm 1 Aix 2026-04-23 N/A
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.
CVE-2008-1599 1 Ibm 1 Aix 2026-04-23 N/A
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
CVE-2008-1600 1 Ibm 1 Aix 2026-04-23 N/A
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
CVE-2008-1614 1 Sebastian Marsching 1 Suphp 2026-04-23 N/A
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
CVE-2008-1625 1 Avast 2 Avast Antivirus Home, Avast Antivirus Professional 2026-04-23 N/A
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
CVE-2008-1627 1 Cds Software Consortium 1 Invenio 2026-04-23 N/A
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
CVE-2008-1628 1 Linux 1 Audit 2026-04-23 N/A
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
CVE-2008-1638 1 Nik Software Inc 1 Nik Sharpener Pro 2026-04-23 N/A
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
CVE-2007-6167 1 Suse 1 Suse Linux 2026-04-23 N/A
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
CVE-2008-1656 1 Adobe 1 Coldfusion 2026-04-23 N/A
Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
CVE-2008-1657 1 Openbsd 1 Openssh 2026-04-23 N/A
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1668 1 Hp 1 Hp-ux 2026-04-23 N/A
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
CVE-2008-1681 1 Ibm 1 Db2 Content Manager 2026-04-23 N/A
Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.
CVE-2008-1692 1 Eterm 1 Eterm 2026-04-23 N/A
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
CVE-2008-1710 1 Ibm 1 Aix 2026-04-23 N/A
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
CVE-2008-1731 2 3281d, Drupal 2 Simple Access, Drupal 2026-04-23 N/A
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.