Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2314

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jul, 2008 | 18:00
Updated At-07 Aug, 2024 | 08:58
Rejected At-
Credits

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jul, 2008 | 18:00
Updated At:07 Aug, 2024 | 08:58
Rejected At:
▼CVE Numbering Authority (CNA)

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1981/references
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/30802
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/30018
vdb-entry
x_refsource_BID
http://securitytracker.com/id?1020395
vdb-entry
x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/43497
vdb-entry
x_refsource_XF
Hyperlink: http://support.apple.com/kb/HT2163
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/30802
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/30018
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://securitytracker.com/id?1020395
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43497
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/1981/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/30802
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/30018
vdb-entry
x_refsource_BID
x_transferred
http://securitytracker.com/id?1020395
vdb-entry
x_refsource_SECTRACK
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/43497
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://support.apple.com/kb/HT2163
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/30802
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30018
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securitytracker.com/id?1020395
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43497
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jul, 2008 | 18:41
Updated At:10 Feb, 2020 | 21:14

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>mac_os_x>>10.4.1
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.2
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.3
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.4
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.5
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.6
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.7
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.8
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.9
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.10
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.11
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.1
cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.2
cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.3
cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.4
cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.5
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.6
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.7
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.8
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.9
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.10
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.11
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.1
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.2
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.3
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/30802cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1020395cve@mitre.org
N/A
http://support.apple.com/kb/HT2163cve@mitre.org
N/A
http://www.securityfocus.com/bid/30018cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/1981/referencescve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/43497cve@mitre.org
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30802
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1020395
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT2163
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30018
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/43497
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

111Records found
CVE-2007-5043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.49%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 00:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074.

Action-Not Available
Vendor-n/aKaspersky Lab
Product-kaspersky_internet_securityn/a
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4849
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 21.58%
||
7 Day CHG~0.00%
Published-12 Sep, 2007 | 20:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Action-Not Available
Vendor-one_laptop_per_childn/a
Product-olpc_linuxn/a
CWE ID-CWE-264
Not Available
CVE-2007-4563
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-28 Aug, 2007 | 01:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-cosminexus_application_server_standarducosminexus_service_platformucosminexus_application_server_enterpriseelectronic_form_workflow_-_standard_setucosminexus_application_server_standardelectronic_form_workflow_-professional_library_setcosminexus_application_server_enterprisen/a
CWE ID-CWE-264
Not Available
CVE-2007-3740
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 32.27%
||
7 Day CHG~0.00%
Published-14 Sep, 2007 | 01:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-264
Not Available
CVE-2007-2063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-18 Apr, 2007 | 02:20
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

Action-Not Available
Vendor-sshn/a
Product-tectia_servern/a
CWE ID-CWE-264
Not Available
CVE-2019-11773
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.64%
||
7 Day CHG~0.00%
Published-12 Sep, 2019 | 17:25
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-omrEclipse OMR
CWE ID-CWE-264
Not Available
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-18450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 16:24
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-264
Not Available
CVE-2020-7260
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.56%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 10:55
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MACC installer DLL side loading

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLC
Product-application_and_change_controlMcafee Application and Change Control (MACC)
CWE ID-CWE-264
Not Available
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-0164
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p910_firmwarethinkstation_p710_firmwarethinkstation_p510thinkstation_p710thinkstation_p910thinkstation_p410_firmwarethinkstation_p410thinkstation_p510_firmwareturbo_boost_max_technology_3.0Intel(R) Turbo Boost Max Technology 3.0
CWE ID-CWE-264
Not Available
CVE-2008-1946
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-28 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

Action-Not Available
Vendor-n/aGNU
Product-coreutilsn/a
CWE ID-CWE-264
Not Available
CVE-2007-3852
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-14 Aug, 2007 | 18:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

Action-Not Available
Vendor-sysstatn/a
Product-sysstatn/a
CWE ID-CWE-264
Not Available
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found