Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2009-1891

Exploit
  • EPSS 20.93%
  • Published 10.07.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

7.1

CVE-2009-1890

  • EPSS 21.52%
  • Published 05.07.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al...

9.3

CVE-2009-1837

Exploit
  • EPSS 2.18%
  • Published 12.06.2009 21:30:00
  • Last modified 09.04.2025 00:30:58

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,...

7.5

CVE-2009-1955

Exploit
  • EPSS 3.66%
  • Published 08.06.2009 01:00:00
  • Last modified 09.04.2025 00:30:58

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via ...

5

CVE-2009-1902

Exploit
  • EPSS 13.79%
  • Published 03.06.2009 17:00:00
  • Last modified 09.04.2025 00:30:58

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.

4.3

CVE-2009-1903

  • EPSS 1.92%
  • Published 03.06.2009 17:00:00
  • Last modified 09.04.2025 00:30:58

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

7.5

CVE-2009-1603

  • EPSS 1.05%
  • Published 11.05.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to b...

7.2

CVE-2009-1185

Exploit
  • EPSS 89.27%
  • Published 17.04.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

2.1

CVE-2009-1186

  • EPSS 0.09%
  • Published 17.04.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

10

CVE-2009-0846

  • EPSS 23.59%
  • Published 09.04.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...