Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.51%
  • Veröffentlicht 27.08.2008 20:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:31

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

  • EPSS 2.65%
  • Veröffentlicht 31.07.2008 22:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:48

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions...

  • EPSS 1.83%
  • Veröffentlicht 27.07.2008 22:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:48

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

  • EPSS 2.47%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, a...

  • EPSS 2.08%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS...

  • EPSS 1.34%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

  • EPSS 1.14%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.

  • EPSS 2.89%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

  • EPSS 3.16%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:24

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Exploit
  • EPSS 6.73%
  • Veröffentlicht 07.07.2008 23:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:39

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins ...