Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2010-11-26 CVE-2010-3705 Resource Exhaustion vulnerability in multiple products
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
8.3
2010-11-26 CVE-2010-3698 Resource Exhaustion vulnerability in multiple products
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).
local
low complexity
linux fedoraproject CWE-400
4.9
2010-11-26 CVE-2010-2963 Improper Input Validation vulnerability in multiple products
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
6.2
2010-11-26 CVE-2010-2962 Improper Input Validation vulnerability in multiple products
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
7.2
2010-11-22 CVE-2010-4169 USE After Free vulnerability in multiple products
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.
local
low complexity
linux fedoraproject opensuse suse CWE-416
4.9
2010-11-06 CVE-2010-4206 Out-Of-Bounds Write vulnerability in Google Chrome
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
6.8
2010-11-06 CVE-2010-4204 Denial of Service vulnerability in Google Chrome
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google webkitgtk fedoraproject
7.5
2010-11-06 CVE-2010-4198 Improper Input Validation vulnerability in Google Chrome
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
6.8
2010-11-06 CVE-2010-4197 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
network
low complexity
google webkitgtk fedoraproject CWE-416
7.5
2010-11-06 CVE-2010-4001 Permissions, Privileges, and Access Controls vulnerability in Gromacs
** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
local
low complexity
gromacs fedoraproject CWE-264
4.6