Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2010-4661 |
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. Published: November 13, 2019; 4:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-3882 |
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Published: April 24, 2019; 12:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-11234 |
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Published: April 22, 2019; 7:29:03 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-0477 |
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. Published: July 03, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3470 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Published: June 05, 2014; 5:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0221 |
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. Published: June 05, 2014; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6476 |
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2013-6475 |
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6474 |
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6890 |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. Published: December 23, 2013; 5:55:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2251 |
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. Published: January 10, 2013; 8:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2010-4001 |
GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script Published: November 05, 2010; 8:00:02 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2010-1439 |
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. Published: June 07, 2010; 1:12:48 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2009-3553 |
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Published: November 19, 2009; 9:30:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2009-3547 |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Published: November 04, 2009; 10:30:00 AM -0500 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2009-3611 |
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. Published: October 26, 2009; 12:30:00 PM -0400 |
V3.1: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2009-3621 |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. Published: October 22, 2009; 12:00:00 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2009-3620 |
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. Published: October 22, 2009; 12:00:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.9 MEDIUM |
CVE-2009-2910 |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. Published: October 20, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |