Product:

Fedora_core

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 79
Date Id Summary Products Score Patch Annotated
2005-01-10 CVE-2004-1270 lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. Cups, Fedora_core N/A
2005-01-10 CVE-2004-1269 lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. Cups, Fedora_core N/A
2005-01-10 CVE-2004-1268 lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. Cups, Fedora_core N/A
2005-01-10 CVE-2004-1267 Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. Cups, Fedora_core N/A
2005-04-14 CVE-2004-1235 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Converged_communications_server, Intuity_audix, Mn100, Modular_messaging_message_storage_server, Network_routing, S8300, S8500, S8700, S8710, Linux, Linux_kernel, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Suse_linux, Ubuntu_linux N/A
2005-01-21 CVE-2004-1184 The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. Enscript, Fedora_core, Propack, Suse_linux N/A
2005-01-10 CVE-2004-1171 KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. Kde, Mandrake_linux, Fedora_core N/A
2005-01-10 CVE-2004-1158 Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. Konqueror, Mandrake_linux, Fedora_core N/A
2005-01-10 CVE-2004-1154 Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. Fedora_core, Samba, Suse_linux, Secure_linux N/A
2005-01-10 CVE-2004-1074 The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux_advanced_workstation, Suse_linux, Secure_linux, Turbolinux_server N/A