Vulnerabilities > Redhat > Fedora > 8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-21 | CVE-2008-3252 | Buffer Errors vulnerability in Fedora Newsx 1.6 Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. | 10.0 |
| 2008-07-07 | CVE-2008-2808 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | 4.3 |
| 2008-04-15 | CVE-2008-1796 | Denial-Of-Service vulnerability in Comix 3.6.4 Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | 4.9 |
| 2008-03-31 | CVE-2008-1552 | Numeric Errors vulnerability in Silc products The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. | 6.8 |
| 2008-03-24 | CVE-2008-0073 | Numeric Errors vulnerability in Xine Xine-Lib 1.1.10.1 Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | 6.8 |
| 2008-03-24 | CVE-2008-1292 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | 4.3 |
| 2008-03-24 | CVE-2008-1291 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | 4.3 |
| 2008-03-24 | CVE-2008-1290 | Information Exposure vulnerability in Viewvc 1.0.2/1.0.3 ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | 4.3 |
| 2008-02-25 | CVE-2008-0932 | Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | 7.5 |
| 2008-02-11 | CVE-2008-0668 | Numeric Errors vulnerability in Gnome Gnumeric The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. | 9.3 |