Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-3612 |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. Published: October 19, 2009; 4:00:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-3564 |
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. Published: October 06, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2009-3231 |
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. Published: September 17, 2009; 6:30:01 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-2629 |
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Published: September 15, 2009; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-3095 |
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-3094 |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2009-2698 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. Published: August 27, 2009; 1:30:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2009-2474 |
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 21, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-2416 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Published: August 11, 2009; 2:30:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2009-1896 |
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. Published: August 10, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-2625 |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. Published: August 06, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1721 |
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Published: July 31, 2009; 3:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-2472 |
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." Published: July 22, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-1837 |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Published: June 12, 2009; 5:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 9.3 HIGH |
CVE-2009-1955 |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Published: June 07, 2009; 9:00:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2009-1903 |
The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. Published: June 03, 2009; 1:00:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-1902 |
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. Published: June 03, 2009; 1:00:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1603 |
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. Published: May 11, 2009; 12:30:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2009-1186 |
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Published: April 17, 2009; 10:30:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-1185 |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Published: April 17, 2009; 10:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |