Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.29%
  • Veröffentlicht 07.07.2008 23:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:39

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspeci...

  • EPSS 12.71%
  • Veröffentlicht 13.06.2008 18:41:00
  • Zuletzt bearbeitet 16.06.2026 22:53:38

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service...

Exploit
  • EPSS 2.65%
  • Veröffentlicht 06.06.2008 22:32:00
  • Zuletzt bearbeitet 16.06.2026 22:54:01

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Exploit
  • EPSS 4.29%
  • Veröffentlicht 07.05.2008 21:20:00
  • Zuletzt bearbeitet 16.06.2026 22:53:07

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...

Exploit
  • EPSS 10.92%
  • Veröffentlicht 05.05.2008 17:20:00
  • Zuletzt bearbeitet 16.06.2026 22:49:57

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

  • EPSS 0.31%
  • Veröffentlicht 02.05.2008 16:05:00
  • Zuletzt bearbeitet 16.06.2026 22:51:36

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

  • EPSS 0.3%
  • Veröffentlicht 31.03.2008 22:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:59

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

  • EPSS 10.14%
  • Veröffentlicht 19.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:48:51

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...

  • EPSS 3.48%
  • Veröffentlicht 19.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:48:51

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Exploit
  • EPSS 18.16%
  • Veröffentlicht 04.03.2008 23:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:05

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access a...