Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2009-06-12 CVE-2009-1837 Use After Free vulnerability in multiple products
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
network
high complexity
mozilla debian fedoraproject redhat CWE-416
7.5
2009-06-08 CVE-2009-1955 XML Entity Expansion vulnerability in multiple products
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
7.5
2009-05-11 CVE-2009-1603 Cleartext Storage of Sensitive Information vulnerability in multiple products
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
network
low complexity
opensc-project fedoraproject CWE-312
7.5
2009-03-30 CVE-2009-0115 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
7.8
2008-10-15 CVE-2008-4577 Incorrect Authorization vulnerability in multiple products
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7.5
2008-08-29 CVE-2008-3282 Incorrect Conversion between Numeric Types vulnerability in multiple products
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
local
low complexity
apache fedoraproject CWE-681
7.8
2008-07-18 CVE-2008-3223 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
network
low complexity
drupal fedoraproject CWE-89
7.5
2008-07-07 CVE-2008-2371 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
7.5
2008-03-19 CVE-2008-0063 Use of Uninitialized Resource vulnerability in multiple products
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
7.5
2007-10-30 CVE-2007-1321 Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error.
local
low complexity
qemu fedoraproject debian
7.2