VYPR
Vendor: Fedorahosted

Products: 34
CVEs: 45
Across products: 44
Status: Private

Recent CVEs

  • CVE-2017-12170 | Critical | Sep 21, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error, due to which the original configuration was ignored after an update and the service started running with the default configuration. This has security implications because of overriding…

  • CVE-2016-0726 | Critical | Jun 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

  • CVE-2015-3277 | High | Aug 9, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.

  • CVE-2016-0741 | High | Apr 19, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.

  • CVE-2013-0159 | High | May 1, 2018
    risk 0.46 | cvss 7.1 | epss 0.00

    The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

  • CVE-2015-3229 | Medium | Oct 16, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.

  • CVE-2015-0296 | Medium | Oct 6, 2017
    risk 0.31 | cvss 4.7 | epss 0.00

    The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

  • CVE-2008-2930 | Aug 29, 2008
    risk 0.04 | cvss n/a | epss 0.07

    Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded…

  • CVE-2011-2201 | Sep 14, 2011
    risk 0.03 | cvss n/a | epss 0.06

    The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

  • CVE-2008-3832 | Oct 3, 2008
    risk 0.03 | cvss n/a | epss 0.01

    A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

  • CVE-2004-2502 | Dec 31, 2004
    risk 0.03 | cvss n/a | epss 0.01

    im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.

  • CVE-2008-3252 | Jul 21, 2008
    risk 0.01 | cvss n/a | epss 0.07

    Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

  • CVE-2025-23012 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported…

  • CVE-2022-3675 | Nov 3, 2022
    risk 0.00 | cvss n/a | epss 0.00

    Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases…

  • CVE-2021-33082 | May 12, 2022
    risk 0.00 | cvss n/a | epss 0.00

    Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2021-33074 | May 12, 2022
    risk 0.00 | cvss n/a | epss 0.00

    Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2012-3462 | Dec 26, 2019
    risk 0.00 | cvss n/a | epss 0.02

    A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.

  • CVE-2012-1615 | Dec 6, 2019
    risk 0.00 | cvss n/a | epss 0.00

    A privilege escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file.

  • CVE-2018-16838 | Mar 25, 2019
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.

  • CVE-2015-3983 | May 14, 2015
    risk 0.00 | cvss n/a | epss 0.02

    The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per…