Filtered by vendor Fedoraproject
Subscriptions
Total
5259 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-0532 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2024-11-21 | N/A |
The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
CVE-2011-0495 | 3 Debian, Digium, Fedoraproject | 6 Debian Linux, Asterisk, Asterisknow and 3 more | 2024-11-21 | N/A |
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | ||||
CVE-2011-0022 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2024-11-21 | N/A |
The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. | ||||
CVE-2011-0019 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2024-11-21 | N/A |
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | ||||
CVE-2010-5312 | 7 Apache, Debian, Drupal and 4 more | 7 Drill, Debian Linux, Drupal and 4 more | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | ||||
CVE-2010-5304 | 2 Fedoraproject, Libvncserver Project | 2 Fedora, Libvncserver | 2024-11-21 | 7.5 High |
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | ||||
CVE-2010-5298 | 5 Fedoraproject, Mariadb, Openssl and 2 more | 9 Fedora, Mariadb, Openssl and 6 more | 2024-11-21 | N/A |
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | ||||
CVE-2010-5109 | 2 Fedoraproject, Randall Hand | 2 Fedora, Yerase\'s Tnef Stream Reader | 2024-11-21 | N/A |
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | ||||
CVE-2010-4746 | 1 Fedoraproject | 1 389 Directory Server | 2024-11-21 | N/A |
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. | ||||
CVE-2010-4744 | 2 Fedoraproject, Moinejf | 2 Fedora, Abcm2ps | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. | ||||
CVE-2010-4743 | 2 Fedoraproject, Moinejf | 2 Fedora, Abcm2ps | 2024-11-21 | N/A |
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information. | ||||
CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 7.8 High |
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | ||||
CVE-2010-4577 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 7.5 High |
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||||
CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 18 Openoffice, Iphone Os, Itunes and 15 more | 2024-11-21 | N/A |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | ||||
CVE-2010-4341 | 3 Fedorahosted, Fedoraproject, Redhat | 3 Sssd, Sssd, Enterprise Linux | 2024-11-21 | N/A |
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | ||||
CVE-2010-4258 | 4 Fedoraproject, Linux, Opensuse and 1 more | 7 Fedora, Linux Kernel, Opensuse and 4 more | 2024-11-21 | N/A |
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. | ||||
CVE-2010-4249 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. | ||||
CVE-2010-4206 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters. | ||||
CVE-2010-4204 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2010-4198 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. |