Vulnerabilities > Fedoraproject
|2009-10-06||CVE-2009-3564||Permissions, Privileges, and Access Controls vulnerability in Reductivelabs Puppet 0.24.6: puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.|| 4.7 |
|2009-10-01||CVE-2009-2904||Configuration vulnerability in Openbsd Openssh 4.3/4.8: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.|| 6.9 |
|2009-09-15||CVE-2009-2629||Out-of-bounds Write vulnerability in multiple products: Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.|| 7.5 |
|2009-09-14||CVE-2009-2813||Permissions, Privileges, and Access Controls vulnerability in multiple products: Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.|| 6.0 |
|2009-08-21||CVE-2009-2474||Inadequate Encryption Strength vulnerability in multiple products: neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.|| 5.8 |
|2009-08-18||CVE-2009-2848||Improper Privilege Management vulnerability in multiple products: The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.|| 5.9 |
|2009-08-10||CVE-2009-1896||Permissions, Privileges, and Access Controls vulnerability in SUN Openjdk: The Java Web Start framework in IcedTea in OpenJDK before 22.214.171.124-20.b16.fc10 on Fedora 10, and before 126.96.36.199-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.|| 10.0 |
|2009-07-22||CVE-2009-2472||Cross-Site Scripting vulnerability in multiple products: Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."|| 4.3 |
|2009-06-03||CVE-2009-1903||The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.|| 4.3 |
|2009-06-03||CVE-2009-1902||Null Pointer Dereference vulnerability in multiple products: The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.|| 5.0 |