Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 12.56%
  • Veröffentlicht 08.09.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:55

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as...

Exploit
  • EPSS 7.18%
  • Veröffentlicht 27.08.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:03

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto...

  • EPSS 1.38%
  • Veröffentlicht 21.08.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:31

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...

Exploit
  • EPSS 0.52%
  • Veröffentlicht 18.08.2009 21:00:00
  • Zuletzt bearbeitet 16.06.2026 23:10:20

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone ...

  • EPSS 1.79%
  • Veröffentlicht 11.08.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:24

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute...

  • EPSS 30.38%
  • Veröffentlicht 06.08.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:51

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a...

  • EPSS 4.29%
  • Veröffentlicht 31.07.2009 19:00:01
  • Zuletzt bearbeitet 16.06.2026 23:07:54

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of a...

  • EPSS 2.24%
  • Veröffentlicht 22.07.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:31

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, re...

Exploit
  • EPSS 17.11%
  • Veröffentlicht 10.07.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:17

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

  • EPSS 16.16%
  • Veröffentlicht 05.07.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:17

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al...