Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-8089 |
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Published: February 17, 2020; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4572 |
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. Published: February 06, 2020; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2010-5304 |
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Published: February 05, 2020; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-0294 |
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. Published: January 28, 2020; 11:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-2581 |
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. Published: January 28, 2020; 10:15:14 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-1437 |
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. Published: January 28, 2020; 10:15:14 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4752 |
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. Published: January 02, 2020; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-4357 |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Published: December 31, 2019; 2:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-4161 |
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Published: December 31, 2019; 2:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2013-4158 |
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) Published: December 11, 2019; 8:15:10 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-2166 |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass Published: December 10, 2019; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4411 |
Review Board: URL processing gives unauthorized users access to review lists Published: December 03, 2019; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2013-4410 |
ReviewBoard: has an access-control problem in REST API Published: December 02, 2019; 1:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-5617 |
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation Published: November 25, 2019; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2014-5118 |
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability Published: November 18, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2014-0021 |
Chrony before 1.29.1 has traffic amplification in cmdmon protocol Published: November 15, 2019; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2010-4661 |
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. Published: November 13, 2019; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2013-4409 |
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Published: November 04, 2019; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4251 |
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. Published: November 04, 2019; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |