Vendor CVEs

Fedoraproject

833 total · sorted by risk
  • CVE-2014-2326 · Mar 27, 2014
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-0132 · Mar 18, 2014
    risk 0.00 · cvss · epss 0.02

    The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

  • CVE-2013-6476 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.00

    The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

  • CVE-2013-6475 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.03

    Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

  • CVE-2013-6474 · Mar 14, 2014
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2011-4930 · Feb 10, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly…

  • CVE-2013-2191 · Feb 8, 2014
    risk 0.00 · cvss · epss 0.01

    python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

  • CVE-2014-1491 · Feb 6, 2014
    risk 0.00 · cvss · epss 0.05

    Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes…

  • CVE-2014-1490 · Feb 6, 2014
    risk 0.00 · cvss · epss 0.04

    Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service…

  • CVE-2014-0019 · Feb 4, 2014
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

  • CVE-2014-0010 · Jan 20, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests…

  • CVE-2013-2139 · Jan 16, 2014
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

  • CVE-2010-0746 · Jan 13, 2014
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.

  • CVE-2011-5268 · Dec 24, 2013
    risk 0.00 · cvss · epss 0.01

    connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from…

  • CVE-2013-4550 · Dec 24, 2013
    risk 0.00 · cvss · epss 0.02

    Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed…

  • CVE-2013-0348 · Dec 13, 2013
    risk 0.00 · cvss · epss 0.01

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

  • CVE-2013-1812 · Dec 12, 2013
    risk 0.00 · cvss · epss 0.02

    The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

  • CVE-2013-6672 · Dec 11, 2013
    risk 0.00 · cvss · epss 0.03

    Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

  • CVE-2013-5619 · Dec 11, 2013
    risk 0.00 · cvss · epss 0.04

    Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted…

  • CVE-2013-5614 · Dec 11, 2013
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

  • CVE-2013-5612 · Dec 11, 2013
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type…

  • CVE-2013-5611 · Dec 11, 2013
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

  • CVE-2013-4589 · Nov 23, 2013
    risk 0.00 · cvss · epss 0.02

    The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

  • CVE-2013-4485 · Nov 23, 2013
    risk 0.00 · cvss · epss 0.02

    389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

  • CVE-2013-2032 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.03

    MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one…

  • CVE-2013-4345 · Oct 10, 2013
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management…

  • CVE-2013-2207 · Oct 9, 2013
    risk 0.00 · cvss · epss 0.00

    pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

  • CVE-2013-4222 · Sep 30, 2013
    risk 0.00 · cvss · epss 0.02

    OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

  • CVE-2013-0211 · Sep 30, 2013
    risk 0.00 · cvss · epss 0.04

    Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an…

  • CVE-2013-4283 · Sep 10, 2013
    risk 0.00 · cvss · epss 0.02

    ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

  • CVE-2013-1888 · Aug 17, 2013
    risk 0.00 · cvss · epss 0.00

    pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

  • CVE-2013-2219 · Jul 31, 2013
    risk 0.00 · cvss · epss 0.02

    The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

  • CVE-2013-0237 · Jul 8, 2013
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2013-2064 · Jun 15, 2013
    risk 0.00 · cvss · epss 0.02

    Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

  • CVE-2002-2443 · May 29, 2013
    risk 0.00 · cvss · epss 0.06

    schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a…

  • CVE-2013-1897 · May 13, 2013
    risk 0.00 · cvss · epss 0.02

    The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used,…

  • CVE-2013-1915 · Apr 25, 2013
    risk 0.00 · cvss · epss 0.04

    ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity…

  • CVE-2013-1416 · Apr 19, 2013
    risk 0.00 · cvss · epss 0.03

    The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer…

  • CVE-2012-6129 · Apr 3, 2013
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

  • CVE-2013-1830 · Mar 25, 2013
    risk 0.00 · cvss · epss 0.02

    user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated…

  • CVE-2013-0287 · Mar 21, 2013
    risk 0.00 · cvss · epss 0.02

    The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

  • CVE-2013-0312 · Mar 13, 2013
    risk 0.00 · cvss · epss 0.03

    389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.

  • CVE-2012-1568 · Mar 1, 2013
    risk 0.00 · cvss · epss 0.00

    The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to…

  • CVE-2013-0220 · Feb 24, 2013
    risk 0.00 · cvss · epss 0.03

    The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to…

  • CVE-2013-0219 · Feb 24, 2013
    risk 0.00 · cvss · epss 0.00

    System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.

  • CVE-2012-5536 · Feb 22, 2013
    risk 0.00 · cvss · epss 0.00

    A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or…

  • CVE-2012-6075 · Feb 13, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code…

  • CVE-2013-0170 · Feb 8, 2013
    risk 0.00 · cvss · epss 0.06

    Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute…

  • CVE-2012-3354 · Nov 20, 2012
    risk 0.00 · cvss · epss 0.01

    doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

  • CVE-2012-3504 · Oct 10, 2012
    risk 0.00 · cvss · epss 0.00

    The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.