Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-4572 |
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. Published: February 06, 2020; 10:15:10 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-0294 |
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. Published: January 28, 2020; 11:15:11 AM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-1895 |
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. Published: January 28, 2020; 10:15:14 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-1437 |
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. Published: January 28, 2020; 10:15:14 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4752 |
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. Published: January 02, 2020; 12:15:10 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-4357 |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Published: December 31, 2019; 2:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-4161 |
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Published: December 31, 2019; 2:15:10 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2012-5645 |
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. Published: December 30, 2019; 3:15:11 PM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2012-5474 |
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. Published: December 30, 2019; 3:15:11 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2013-4158 |
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) Published: December 11, 2019; 8:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-1115 |
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Published: December 05, 2019; 4:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-1114 |
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. Published: December 05, 2019; 4:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-4411 |
Review Board: URL processing gives unauthorized users access to review lists Published: December 03, 2019; 10:15:11 AM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2013-4410 |
ReviewBoard: has an access-control problem in REST API Published: December 02, 2019; 1:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-4480 |
mom creates world-writable pid files in /var/run Published: December 02, 2019; 1:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2012-5644 |
libuser has information disclosure when moving user's home directory Published: November 25, 2019; 10:15:12 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2012-5630 |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. Published: November 25, 2019; 9:15:11 AM -0500 |
V3.1: 6.3 MEDIUM V2.0: 3.3 LOW |
CVE-2012-5617 |
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation Published: November 25, 2019; 9:15:11 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2012-5535 |
gnome-system-log polkit policy allows arbitrary files on the system to be read Published: November 25, 2019; 9:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |