VYPR

Vendor CVEs

Fedoraproject

All CVEs

833 total · sorted by risk
  • CVE-2009-1242Apr 6, 2009
    risk 0.00cvss epss 0.00

    The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended…

  • CVE-2008-6552Mar 30, 2009
    risk 0.00cvss epss 0.00

    Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager…

  • CVE-2009-0040Feb 22, 2009
    risk 0.00cvss epss 0.05

    The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers…

  • CVE-2009-0314Jan 28, 2009
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

  • CVE-2008-5983Jan 28, 2009
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code…

  • CVE-2008-5021Nov 13, 2008
    risk 0.00cvss epss 0.04

    nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input…

  • CVE-2008-3969Sep 11, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for…

  • CVE-2008-3424Jul 31, 2008
    risk 0.00cvss epss 0.03

    Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.

  • CVE-2008-3221Jul 18, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.

  • CVE-2008-3218Jul 18, 2008
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID…

  • CVE-2008-3220Jul 18, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

  • CVE-2008-3219Jul 18, 2008
    risk 0.00cvss epss 0.02

    The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.

  • CVE-2008-3223Jul 18, 2008
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

  • CVE-2008-3222Jul 18, 2008
    risk 0.00cvss epss 0.03

    Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

  • CVE-2008-2944Jun 30, 2008
    risk 0.00cvss epss 0.00

    Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different…

  • CVE-2008-2575Jun 6, 2008
    risk 0.00cvss epss 0.03

    cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

  • CVE-2008-1375May 2, 2008
    risk 0.00cvss epss 0.00

    Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

  • CVE-2008-0595Feb 29, 2008
    risk 0.00cvss epss 0.00

    dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…

  • CVE-2007-6427Jan 18, 2008
    risk 0.00cvss epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2007-6601Jan 9, 2008
    risk 0.00cvss epss 0.02

    The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists…

  • CVE-2007-6283Dec 18, 2007
    risk 0.00cvss epss 0.00

    Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

  • CVE-2007-4129Nov 8, 2007
    risk 0.00cvss epss 0.00

    CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.

  • CVE-2007-1321Oct 30, 2007
    risk 0.00cvss epss 0.00

    Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE:…

  • CVE-2007-5594Oct 19, 2007
    risk 0.00cvss epss 0.01

    Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

  • CVE-2007-5593Oct 19, 2007
    risk 0.00cvss epss 0.04

    install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

  • CVE-2007-5191Oct 4, 2007
    risk 0.00cvss epss 0.00

    mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

  • CVE-2007-4000Sep 5, 2007
    risk 0.00cvss epss 0.06

    The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users…

  • CVE-2007-4364Aug 15, 2007
    risk 0.00cvss epss 0.03

    Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain…

  • CVE-2007-4045Jul 27, 2007
    risk 0.00cvss epss 0.05

    The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL…

  • CVE-2007-3304Jun 20, 2007
    risk 0.00cvss epss 0.03

    Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1…

  • CVE-2007-1320May 2, 2007
    risk 0.00cvss epss 0.00

    Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark…

  • CVE-2006-5170Oct 10, 2006
    risk 0.00cvss epss 0.04

    pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to…

  • CVE-2006-3742Sep 6, 2006
    risk 0.00cvss epss 0.01

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

Page 17 of 17