Total
5282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3424 | 2 Condor Project, Fedoraproject | 2 Condor, Fedora | 2025-04-09 | 7.5 HIGH | N/A |
| Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2009-2910 | 6 Canonical, Fedoraproject, Linux and 3 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2025-04-09 | 2.1 LOW | N/A |
| arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | |||||
| CVE-2008-6552 | 2 Fedoraproject, Redhat | 5 Fedora, Cluster Project, Cman and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | |||||
| CVE-2009-2813 | 3 Apple, Fedoraproject, Samba | 4 Mac Os X, Mac Os X Server, Fedora and 1 more | 2025-04-09 | 6.0 MEDIUM | N/A |
| Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. | |||||
| CVE-2008-2108 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | |||||
| CVE-2009-0846 | 5 Apple, Canonical, Fedoraproject and 2 more | 9 Mac Os X, Ubuntu Linux, Fedora and 6 more | 2025-04-09 | 10.0 HIGH | N/A |
| The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. | |||||
| CVE-2008-3282 | 2 Apache, Fedoraproject | 2 Openoffice, Fedora | 2025-04-09 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | |||||
| CVE-2009-1902 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2025-04-09 | 5.0 MEDIUM | N/A |
| The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | |||||
| CVE-2007-1320 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Fedora Core and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | |||||
| CVE-2009-1186 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-09 | 2.1 LOW | N/A |
| Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | |||||
| CVE-2009-3621 | 6 Canonical, Fedoraproject, Linux and 3 more | 8 Ubuntu Linux, Fedora, Linux Kernel and 5 more | 2025-04-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. | |||||
| CVE-2007-4045 | 2 Apple, Fedoraproject | 2 Cups, Fedora | 2025-04-09 | 5.0 MEDIUM | N/A |
| The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | |||||
| CVE-2007-0455 | 5 Canonical, Fedoraproject, Gd Graphics Library Project and 2 more | 7 Ubuntu Linux, Fedora, Gd Graphics Library and 4 more | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | |||||
| CVE-2007-6427 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Ubuntu Linux, Debian Linux and 8 more | 2025-04-09 | 9.3 HIGH | N/A |
| The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | |||||
| CVE-2008-4989 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-04-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | |||||
| CVE-2008-3969 | 2 Bitlbee, Fedoraproject | 2 Bitlbee, Fedora | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | |||||
| CVE-2009-2904 | 3 Fedoraproject, Openbsd, Redhat | 5 Fedora, Openssh, Enterprise Linux and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. | |||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2025-04-09 | 5.9 MEDIUM | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | |||||
| CVE-2009-2625 | 7 Apache, Canonical, Debian and 4 more | 9 Xerces2 Java, Ubuntu Linux, Debian Linux and 6 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2008-3219 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. | |||||