Filtered by vendor Fedoraproject Subscriptions
Total 5259 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-0532 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-11-21 N/A
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2011-0495 3 Debian, Digium, Fedoraproject 6 Debian Linux, Asterisk, Asterisknow and 3 more 2024-11-21 N/A
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
CVE-2011-0022 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-11-21 N/A
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.
CVE-2011-0019 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2024-11-21 N/A
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
CVE-2010-5312 7 Apache, Debian, Drupal and 4 more 7 Drill, Debian Linux, Drupal and 4 more 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
CVE-2010-5304 2 Fedoraproject, Libvncserver Project 2 Fedora, Libvncserver 2024-11-21 7.5 High
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
CVE-2010-5298 5 Fedoraproject, Mariadb, Openssl and 2 more 9 Fedora, Mariadb, Openssl and 6 more 2024-11-21 N/A
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVE-2010-5109 2 Fedoraproject, Randall Hand 2 Fedora, Yerase\'s Tnef Stream Reader 2024-11-21 N/A
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
CVE-2010-4746 1 Fedoraproject 1 389 Directory Server 2024-11-21 N/A
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.
CVE-2010-4744 2 Fedoraproject, Moinejf 2 Fedora, Abcm2ps 2024-11-21 N/A
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.
CVE-2010-4743 2 Fedoraproject, Moinejf 2 Fedora, Abcm2ps 2024-11-21 N/A
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information.
CVE-2010-4661 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Opensuse and 2 more 2024-11-21 7.8 High
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2010-4577 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 7.5 High
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
CVE-2010-4494 10 Apache, Apple, Debian and 7 more 18 Openoffice, Iphone Os, Itunes and 15 more 2024-11-21 N/A
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2010-4341 3 Fedorahosted, Fedoraproject, Redhat 3 Sssd, Sssd, Enterprise Linux 2024-11-21 N/A
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
CVE-2010-4258 4 Fedoraproject, Linux, Opensuse and 1 more 7 Fedora, Linux Kernel, Opensuse and 4 more 2024-11-21 N/A
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
CVE-2010-4249 3 Fedoraproject, Linux, Redhat 4 Fedora, Linux Kernel, Enterprise Linux and 1 more 2024-11-21 N/A
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
CVE-2010-4206 4 Fedoraproject, Google, Redhat and 1 more 4 Fedora, Chrome, Enterprise Linux and 1 more 2024-11-21 8.8 High
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
CVE-2010-4204 4 Fedoraproject, Google, Redhat and 1 more 4 Fedora, Chrome, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-4198 4 Fedoraproject, Google, Redhat and 1 more 4 Fedora, Chrome, Enterprise Linux and 1 more 2024-11-21 8.8 High
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.