The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2008-1694 | vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | Medium | Apr 22, 2008 | n/a |
| CVE-2008-1693 | The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. | Medium | Apr 18, 2008 | n/a |
| CVE-2008-1692 | Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. | Medium | Apr 8, 2008 | n/a |
| CVE-2008-1691 | Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information. | Medium | Apr 8, 2008 | n/a |
| CVE-2008-1690 | WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information. | High | Apr 8, 2008 | n/a |
| CVE-2008-1689 | Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information. | High | Apr 8, 2008 | n/a |
| CVE-2008-1688 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries. | High | Apr 10, 2008 | n/a |
| CVE-2008-1687 | The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | High | Apr 9, 2008 | n/a |
| CVE-2008-1686 | Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | Medium | Apr 8, 2008 | n/a |
| CVE-2008-1685 | gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might remove length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks. | Medium | Apr 7, 2008 | n/a |
| CVE-2008-1684 | inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | Medium | Apr 7, 2008 | n/a |
| CVE-2008-1683 | xscreensaver on Fedora 8, when an NIS authentication server is enabled, exits if this server is unavailable as the xscreensaver process is starting, which allows physically proximate attackers to gain access to a workstation session for which locking was intended, a related issue to CVE-2007-1859. | Low | Apr 7, 2008 | n/a |
| CVE-2008-1682 | PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter. | Medium | Apr 7, 2008 | n/a |
| CVE-2008-1681 | Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege. | High | Apr 7, 2008 | n/a |
| CVE-2008-1680 | PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. | High | Apr 4, 2008 | n/a |
| CVE-2008-1679 | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | Medium | Apr 22, 2008 | n/a |
| CVE-2008-1678 | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. | Medium | Jul 10, 2008 | n/a |
| CVE-2008-1677 | Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. | High | May 12, 2008 | n/a |
| CVE-2008-1676 | Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. | High | Jul 11, 2008 | n/a |
| CVE-2008-1675 | The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. | High | May 5, 2008 | n/a |
| CVE-2008-1674 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | REJECT | Mar 26, 2009 | n/a |
| CVE-2008-1673 | The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. | High | Jun 10, 2008 | n/a |
| CVE-2008-1672 | OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites. | Medium | May 30, 2008 | n/a |
| CVE-2008-1671 | start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | High | Apr 28, 2008 | n/a |
| CVE-2008-1670 | Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | High | Apr 28, 2008 | n/a |
| CVE-2008-1669 | Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | Medium | May 9, 2008 | n/a |
| CVE-2008-1668 | Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 allows remote attackers to gain privileges via unknown vectors. | High | Aug 14, 2008 | n/a |
| CVE-2008-1667 | The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode. | High | Jul 30, 2008 | n/a |
| CVE-2008-1666 | Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update. | High | Jul 22, 2008 | n/a |
| CVE-2008-1665 | Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified vectors. | High | Jul 17, 2008 | n/a |
| CVE-2008-1664 | Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. | High | Aug 12, 2008 | n/a |
| CVE-2008-1663 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-1662 | Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an empty systems list. | High | Aug 1, 2008 | n/a |
| CVE-2008-1661 | Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request. | High | Jun 5, 2008 | n/a |
| CVE-2008-1660 | Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors. | Medium | May 21, 2008 | n/a |
| CVE-2008-1659 | Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | High | May 9, 2008 | n/a |
| CVE-2008-1658 | Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. | Medium | Apr 11, 2008 | n/a |
| CVE-2008-1657 | OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | Medium | Apr 3, 2008 | n/a |
| CVE-2008-1656 | Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725. | High | Apr 9, 2008 | n/a |
| CVE-2008-1655 | Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors. | Medium | Apr 10, 2008 | n/a |
| CVE-2008-1654 | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. | High | Apr 3, 2008 | n/a |
| CVE-2008-1653 | Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Apr 3, 2008 | n/a |
| CVE-2008-1652 | Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information. | High | Apr 3, 2008 | n/a |
| CVE-2008-1651 | Directory traversal vulnerability in admin/login.php in EasyUnchangeds 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | High | Apr 3, 2008 | n/a |
| CVE-2008-1650 | SQL injection vulnerability in dynamicpages/index.php in EasyUnchangeds 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_Unchangeds action. | High | Apr 3, 2008 | n/a |
| CVE-2008-1649 | Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyUnchangeds 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action. | Medium | Apr 3, 2008 | n/a |
| CVE-2008-1648 | Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. | High | Apr 3, 2008 | n/a |
| CVE-2008-1647 | The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information. | High | Apr 3, 2008 | n/a |
| CVE-2008-1646 | SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | High | Apr 3, 2008 | n/a |
| CVE-2008-1645 | Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter. | High | Apr 3, 2008 | n/a |
