Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5291 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-0005 4 Apache, Canonical, Fedoraproject and 1 more 6 Http Server, Ubuntu Linux, Fedora and 3 more 2025-04-09 N/A
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
CVE-2009-1603 2 Fedoraproject, Opensc-project 2 Fedora, Opensc 2025-04-09 7.5 High
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
CVE-2009-4135 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Coreutils 2025-04-09 N/A
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVE-2009-1186 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2025-04-09 N/A
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
CVE-2008-1145 3 Fedoraproject, Redhat, Ruby-lang 4 Fedora, Enterprise Linux, Ruby and 1 more 2025-04-09 N/A
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
CVE-2009-1721 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2025-04-09 N/A
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
CVE-2009-3564 2 Fedoraproject, Reductivelabs 2 Fedora, Puppet 2025-04-09 N/A
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
CVE-2008-2951 2 Edgewall, Fedoraproject 2 Trac, Fedora 2025-04-09 6.1 Medium
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
CVE-2009-3231 5 Canonical, Fedoraproject, Opensuse and 2 more 6 Ubuntu Linux, Fedora, Opensuse and 3 more 2025-04-09 N/A
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVE-2008-2575 2 Fedoraproject, Jcoppens 2 Fedora, Cbrpager 2025-04-09 N/A
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2025-04-09 9.8 Critical
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2009-2629 3 Debian, F5, Fedoraproject 3 Debian Linux, Nginx, Fedora 2025-04-09 N/A
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVE-2008-2371 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2025-04-09 N/A
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
CVE-2009-2698 6 Canonical, Fedoraproject, Linux and 3 more 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more 2025-04-09 7.8 High
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVE-2008-3969 2 Bitlbee, Fedoraproject 2 Bitlbee, Fedora 2025-04-09 N/A
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
CVE-2007-5593 2 Drupal, Fedoraproject 2 Drupal, Fedora 2025-04-09 N/A
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
CVE-2008-4577 5 Canonical, Dovecot, Fedoraproject and 2 more 5 Ubuntu Linux, Dovecot, Fedora and 2 more 2025-04-09 7.5 High
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2009-0040 7 Apple, Debian, Fedoraproject and 4 more 10 Iphone Os, Mac Os X, Debian Linux and 7 more 2025-04-09 N/A
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2008-0595 4 Fedoraproject, Freedesktop, Mandrakesoft and 1 more 4 Fedora, Dbus, Mandrake Linux and 1 more 2025-04-09 N/A
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
CVE-2007-3304 4 Apache, Canonical, Fedoraproject and 1 more 11 Http Server, Ubuntu Linux, Fedora and 8 more 2025-04-09 N/A
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."