CVE-2008-4359
- EPSS 4.35%
- Veröffentlicht 03.10.2008 17:41:40
- Zuletzt bearbeitet 16.06.2026 22:57:40
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive inform...
CVE-2008-4360
- EPSS 4.35%
- Veröffentlicht 03.10.2008 17:41:40
- Zuletzt bearbeitet 16.06.2026 22:57:40
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access r...
CVE-2008-4302
- EPSS 0.62%
- Veröffentlicht 29.09.2008 17:17:29
- Zuletzt bearbeitet 16.06.2026 22:57:33
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a deni...
CVE-2008-3837
- EPSS 3.27%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:56:38
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted...
CVE-2008-4058
- EPSS 5.08%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:04
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vec...
- EPSS 4.99%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) ...
- EPSS 4.99%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or po...
CVE-2008-4065
- EPSS 4.11%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) charact...
CVE-2008-4067
- EPSS 4.44%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) ...
CVE-2008-4068
- EPSS 4.17%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive inf...