Redhat

Fedora Core

77 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-3630

  • EPSS 0.48%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" di...

5

CVE-2005-3626

Exploit
  • EPSS 9.33%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10

CVE-2005-3625

Exploit
  • EPSS 11.29%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and ...

5

CVE-2005-3624

Exploit
  • EPSS 7.36%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to int...

5

CVE-2005-1267

  • EPSS 11.27%
  • Published 10.06.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

7.5

CVE-2005-0206

  • EPSS 6.53%
  • Published 27.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

6.8

CVE-2005-0085

  • EPSS 4.73%
  • Published 27.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

7.5

CVE-2005-0754

  • EPSS 2.28%
  • Published 22.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

6.2

CVE-2004-1235

Exploit
  • EPSS 0.08%
  • Published 14.04.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

7.2

CVE-2005-0750

  • EPSS 0.17%
  • Published 27.03.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.