VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2009-1603HigMay 11, 2009
    risk 0.49cvss 7.5epss 0.01

    src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

  • CVE-2008-4577HigOct 15, 2008
    risk 0.49cvss 7.5epss 0.02

    The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

  • CVE-2008-0063HigMar 19, 2008
    risk 0.49cvss 7.5epss 0.03

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

  • CVE-2016-7966HigDec 23, 2016
    risk 0.48cvss 7.3epss 0.02

    Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available…

  • CVE-2015-8837HigMar 30, 2016
    risk 0.48cvss 7.3epss 0.03

    Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

  • CVE-2015-8836HigMar 30, 2016
    risk 0.48cvss 7.3epss 0.02

    Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer…

  • CVE-2015-8466HigJan 13, 2016
    risk 0.48cvss 7.4epss 0.02

    Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

  • CVE-2015-8400HigJan 12, 2016
    risk 0.48cvss 7.4epss 0.02

    The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

  • CVE-2015-8370HigDec 16, 2015
    risk 0.48cvss 7.4epss 0.01

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in…

  • CVE-2015-8387HigDec 2, 2015
    risk 0.48cvss 7.3epss 0.04

    PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp…

  • CVE-2024-28960HigMar 29, 2024
    risk 0.46cvss 8.2epss 0.01

    An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

  • CVE-2023-51767HigDec 24, 2023
    risk 0.46cvss 7.0epss 0.01

    OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of…

  • CVE-2021-41617HigSep 26, 2021
    risk 0.46cvss 7.0epss 0.02

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with…

  • CVE-2016-0721HigApr 21, 2017
    risk 0.46cvss 8.1epss 0.02

    Session fixation vulnerability in pcsd in pcs before 0.9.157.

  • CVE-2017-6313HigMar 10, 2017
    risk 0.46cvss 7.1epss 0.02

    Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

  • CVE-2016-9014HigDec 9, 2016
    risk 0.46cvss 8.1epss 0.06

    Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

  • CVE-2009-3611HigOct 26, 2009
    risk 0.46cvss 7.1epss 0.00

    common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying…

  • CVE-2014-9114HigMar 31, 2017
    risk 0.44cvss 7.8epss 0.01

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

  • CVE-2016-2312MedDec 23, 2016
    risk 0.44cvss 6.8epss 0.00

    Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

  • CVE-2016-3096HigJun 3, 2016
    risk 0.44cvss 7.8epss 0.00

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…

Page 13 of 40