Vulnerabilities > Redhat > Desktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-07 | CVE-2008-2808 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | 4.3 |
| 2008-05-23 | CVE-2008-1767 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat products Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. | 7.5 |
| 2008-05-14 | CVE-2008-1944 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN 3.0/3.0.3 Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of messages." https://bugzilla.redhat.com/show_bug.cgi?id=443078 "The PVFB backend is a user space program running as root in dom0" | 7.2 |
| 2008-05-14 | CVE-2008-1943 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xensource XEN Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. | 2.1 |
| 2008-02-26 | CVE-2008-0597 | Resource Management Errors vulnerability in Easy Software products Cups 1.1.17/1.1.22 Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | 5.0 |