RSS   Vulnerabilities for 'Fedora core'   RSS

2007-12-17
 
CVE-2007-6283

 

 
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

 
2007-11-26
 
CVE-2007-6131

CWE-16
 

 
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

 
2007-07-27
 
CVE-2007-2874

 

 
Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.

 
2007-09-18
 
CVE-2007-2834

CWE-189
 

 
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

 
2007-04-16
 
CVE-2007-2030

 

 
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

 
2007-04-05
 
CVE-2007-1352

CWE-Other
 

 
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

 
2006-12-07
 
CVE-2006-6235

CWE-Other
 

 
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

 
2006-11-03
 
CVE-2006-5701

 

 
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

 
2006-10-10
 
CVE-2006-5170

CWE-Other
 

 
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

 
2006-03-20
 
CVE-2006-0745

CWE-Other
 

 
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

 


Copyright 2024, cxsecurity.com

 

Back to Top