Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:9
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2009-1837 |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Published: June 12, 2009; 5:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 9.3 HIGH |
CVE-2009-1955 |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Published: June 07, 2009; 9:00:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2009-1903 |
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. Published: June 03, 2009; 1:00:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-1902 |
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. Published: June 03, 2009; 1:00:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1603 |
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. Published: May 11, 2009; 12:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2009-1186 |
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Published: April 17, 2009; 10:30:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-1185 |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Published: April 17, 2009; 10:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-0846 |
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. Published: April 08, 2009; 8:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0115 |
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. Published: March 30, 2009; 12:30:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2008-6552 |
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. Published: March 30, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2009-0040 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. Published: February 22, 2009; 5:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0385 |
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Published: February 02, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0314 |
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). Published: January 28, 2009; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2008-5021 |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. Published: November 13, 2008; 6:30:01 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4989 |
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). Published: November 12, 2008; 8:00:01 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2008-4577 |
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. Published: October 15, 2008; 4:08:02 PM -0400 |
V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2008-3282 |
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. Published: August 29, 2008; 2:41:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2008-3281 |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. Published: August 27, 2008; 4:41:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2008-3424 |
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. Published: July 31, 2008; 6:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |