Vulnerabilities > Redhat > Fedora Core

DATE CVE VULNERABILITY TITLE RISK
2006-02-14 CVE-2006-0452 Remote Denial Of Service vulnerability in Redhat Fedora Core 1.0
dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.
network
low complexity
redhat
5.0
5.0
2006-02-14 CVE-2006-0451 Remote Denial Of Service vulnerability in Redhat Fedora Core 1.0
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.
network
low complexity
redhat
5.0
5.0
2005-12-31 CVE-2005-3630 Information Disclosure vulnerability in Redhat Fedora Core 1.0
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
network
low complexity
redhat
5.0
5.0
2005-12-31 CVE-2005-3626 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. 		5.0
5.0
2005-12-31 CVE-2005-3625 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." 		10.0
10
2005-12-31 CVE-2005-3624 Numeric Errors vulnerability in multiple products
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. 		5.0
5.0
2005-06-10 CVE-2005-1267 Denial Of Service vulnerability in tcpdump BGP Decoding Routines
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
network
low complexity
lbl gentoo mandrakesoft redhat trustix
5.0
5.0
2005-04-27 CVE-2005-0206 Integer Overflow vulnerability in Xpdf PDFTOPS
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. 		7.5
7.5
2005-04-27 CVE-2005-0085 Cross-Site Scripting vulnerability in Dig Config Parameter
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. 		6.8
6.8
2005-04-22 CVE-2005-0754 Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
network
low complexity
kde conectiva gentoo redhat ubuntu
7.5
7.5