Filtered by vendor Redhat
Subscriptions
Filtered by product Fedora
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-11-21 | N/A |
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | ||||
CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2024-11-21 | N/A |
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | ||||
CVE-2011-1011 | 1 Redhat | 3 Enterprise Linux, Fedora, Policycoreutils | 2024-11-21 | N/A |
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. | ||||
CVE-2011-0008 | 2 Redhat, Todd Miller | 2 Fedora, Sudo | 2024-11-21 | N/A |
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. | ||||
CVE-2010-4695 | 3 Catb, Debian, Redhat | 3 Gif2png, Linux, Fedora | 2024-11-21 | N/A |
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | ||||
CVE-2009-3080 | 7 Canonical, Debian, Linux and 4 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-11-21 | N/A |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||||
CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | ||||
CVE-2009-0180 | 2 Nfs, Redhat | 2 Nfs-utils, Fedora | 2024-11-21 | N/A |
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | ||||
CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2024-11-21 | N/A |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | ||||
CVE-2008-6560 | 1 Redhat | 3 Cman, Fedora, Linux | 2024-11-21 | N/A |
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. | ||||
CVE-2008-3832 | 2 Linux, Redhat | 2 Linux Kernel, Fedora | 2024-11-21 | N/A |
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function. | ||||
CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2024-11-21 | N/A |
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | ||||
CVE-2008-3252 | 2 Fedora, Redhat | 2 Newsx, Fedora | 2024-11-21 | N/A |
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. | ||||
CVE-2008-2808 | 3 Mozilla, Redhat, Ubuntu | 10 Firefox, Seamonkey, Thunderbird and 7 more | 2024-11-21 | N/A |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | ||||
CVE-2008-1796 | 2 Comix, Redhat | 2 Comix, Fedora | 2024-11-21 | N/A |
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | ||||
CVE-2008-1552 | 2 Redhat, Silc | 5 Fedora, Silc, Silc Client and 2 more | 2024-11-21 | N/A |
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. | ||||
CVE-2008-1292 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2024-11-21 | N/A |
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. | ||||
CVE-2008-1291 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2024-11-21 | N/A |
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. | ||||
CVE-2008-1290 | 3 Gentoo, Redhat, Viewvc | 3 Linux, Fedora, Viewvc | 2024-11-21 | N/A |
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. | ||||
CVE-2008-0932 | 3 Debian, Redhat, The Sword Project | 4 Debian Linux, Fedora, Diatheke Front End and 1 more | 2024-11-21 | N/A |
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. |