Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 485

Warning: Undefined variable $scrape_url_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 525

Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CVE-2008-3844

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. This alert is primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers. Packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk. Redhat has provided a shell script which lists the affected packages and can verify that none of them are installed on a system at the following location: https://www.redhat.com/security/data/openssh-blacklist-1.0.sh

Publication date: Thu, 28 Aug 2008 01:41:00 +0000

Cyber News related to CVE-2008-3844

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2008-3844 - Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. ...
8 years ago

Apple Patches Webkit Code Execution Flaws - SecurityWeek - Apple on Wednesday released software updates to patch a critical code execution vulnerability in its WebKit engine, which is included in the company’s operating systems, as well as in web browsers such as Safari and others. ...
2 years ago Securityweek.com

CVE-2007-2280 - Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL ...
15 years ago

CVE-2006-3844 - Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027. ...
8 years ago

CVE-2007-3844 - Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an ...
6 years ago

CVE-2021-3844 - Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated ...
2 years ago

CVE-2019-3844 - It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker ...
3 years ago

CVE-2005-3844 - SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. ...
14 years ago

CVE-2014-3844 - The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. ...
11 years ago

CVE-2015-3844 - The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as ...
9 years ago

CVE-2016-3844 - mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. ...
8 years ago

CVE-2017-3844 - A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration ...
8 years ago

CVE-2012-3844 - Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. ...
8 years ago

CVE-2011-3844 - Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page. ...
7 years ago

CVE-2009-3844 - Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet. ...
6 years ago

CVE-2010-3844 - An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. ...
5 years ago

CVE-2020-3844 - This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state. ...
4 years ago

CVE-2018-3844 - In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. ...
2 years ago

CVE-2023-3844 - A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. ...
2 years ago

CVE-2022-3844 - A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. ...
1 year ago

CVE-2013-3844 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none ...
55 years ago Tenable.com

CVE-2024-3844 - Inappropriate implementation in Extensions. ...
1 year ago Tenable.com

CVE-2025-3844 - The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to handel_ajax_req() function not having proper restrictions on the change_user_meta functionality that makes ...
3 months ago

CVE-2021-46929 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
55 years ago Tenable.com