VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2007-1321Oct 30, 2007
    risk 0.00cvss epss 0.00

    Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE:…

  • CVE-2007-5593Oct 19, 2007
    risk 0.00cvss epss 0.04

    install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

  • CVE-2007-5594Oct 19, 2007
    risk 0.00cvss epss 0.01

    Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

  • CVE-2007-5191Oct 4, 2007
    risk 0.00cvss epss 0.00

    mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

  • CVE-2007-4000Sep 5, 2007
    risk 0.00cvss epss 0.06

    The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users…

  • CVE-2007-4045Jul 27, 2007
    risk 0.00cvss epss 0.05

    The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL…

  • CVE-2007-3304Jun 20, 2007
    risk 0.00cvss epss 0.03

    Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1…

  • CVE-2007-1320May 2, 2007
    risk 0.00cvss epss 0.00

    Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark…

  • CVE-2006-5170Oct 10, 2006
    risk 0.00cvss epss 0.04

    pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to…

  • CVE-2006-3742Sep 6, 2006
    risk 0.00cvss epss 0.01

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

Page 40 of 40