Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 11.64%
  • Veröffentlicht 15.03.2010 14:15:32
  • Zuletzt bearbeitet 16.06.2026 23:15:19

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

  • EPSS 2.58%
  • Veröffentlicht 05.03.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:15:53

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denia...

  • EPSS 18.44%
  • Veröffentlicht 05.03.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:16:10

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, wh...

  • EPSS 4.21%
  • Veröffentlicht 03.03.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:15:42

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which...

  • EPSS 12.5%
  • Veröffentlicht 09.01.2010 18:30:01
  • Zuletzt bearbeitet 16.06.2026 23:15:14

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ...

  • EPSS 0.38%
  • Veröffentlicht 11.12.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:06

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

  • EPSS 3.91%
  • Veröffentlicht 20.11.2009 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:49

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash ...

  • EPSS 1.55%
  • Veröffentlicht 13.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:16

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,...

Exploit
  • EPSS 87.26%
  • Veröffentlicht 09.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:50

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu...

Exploit
  • EPSS 4.93%
  • Veröffentlicht 04.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:49

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna...