Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2010-11-05 CVE-2010-3702 Null Pointer Dereference vulnerability in multiple products
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
7.5
2010-10-04 CVE-2010-3442 Integer Overflow OR Wraparound vulnerability in multiple products
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
4.7
2010-09-24 CVE-2010-1773 Off-By-One Error vulnerability in multiple products
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
6.8
2010-09-24 CVE-2010-1772 USE After Free vulnerability in multiple products
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
6.8
2010-09-08 CVE-2010-2959 Integer Overflow OR Wraparound vulnerability in multiple products
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
7.2
2010-08-30 CVE-2010-2940 Improper Authentication vulnerability in Fedoraproject Sssd 1.3.0
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
network
high complexity
fedoraproject CWE-287
5.1
2010-07-13 CVE-2010-2008 Command Injection vulnerability in multiple products
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a .
3.5
2010-06-30 CVE-2010-2249 Memory Leak vulnerability in multiple products
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
4.3
2010-06-30 CVE-2010-1205 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
7.5
2010-06-10 CVE-2010-0395 Permissions, Privileges, and Access Controls vulnerability in multiple products
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
network
canonical fedoraproject sun CWE-264
critical
9.3