VYPR

Fedora Core

by Red Hat

CVEs (88)

  • CVE-2005-0109MedMar 5, 2005
    risk 0.36cvss 5.6epss 0.01

    Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as…

  • CVE-2004-0595Jul 27, 2004
    risk 0.07cvss epss 0.45

    The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore…

  • CVE-2004-0989Mar 1, 2005
    risk 0.05cvss epss 0.22

    Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that…

  • CVE-2004-0557Aug 6, 2004
    risk 0.05cvss epss 0.25

    Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

  • CVE-2007-5962May 22, 2008
    risk 0.04cvss epss 0.12

    Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands,…

  • CVE-2005-1267Jun 10, 2005
    risk 0.04cvss epss 0.14

    The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

  • CVE-2004-1267Jan 10, 2005
    risk 0.04cvss epss 0.06

    Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

  • CVE-2004-0460Aug 6, 2004
    risk 0.04cvss epss 0.45

    Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3)…

  • CVE-2008-3832Oct 3, 2008
    risk 0.03cvss epss 0.01

    A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

  • CVE-2006-5701Nov 3, 2006
    risk 0.03cvss epss 0.01

    Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

  • CVE-2006-0745Mar 21, 2006
    risk 0.03cvss epss 0.01

    X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the…

  • CVE-2004-1235Apr 14, 2005
    risk 0.03cvss epss 0.03

    Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

  • CVE-2005-0750Mar 27, 2005
    risk 0.03cvss epss 0.01

    The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

  • CVE-2005-0736Mar 9, 2005
    risk 0.03cvss epss 0.02

    Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

  • CVE-2005-0156Feb 7, 2005
    risk 0.03cvss epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2004-1073Jan 10, 2005
    risk 0.03cvss epss 0.01

    The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

  • CVE-2004-1333Dec 15, 2004
    risk 0.03cvss epss 0.01

    Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

  • CVE-2004-1335Dec 15, 2004
    risk 0.03cvss epss 0.01

    Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

  • CVE-2004-0415Nov 23, 2004
    risk 0.03cvss epss 0.01

    Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

  • CVE-2004-0918Jan 27, 2005
    risk 0.01cvss epss 0.16

    The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Page 1 of 5