National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:fedoraproject:fedora:17
There are 16 matching records.
Vuln ID Summary CVSS Severity
CVE-2013-0159

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

Published: May 01, 2018; 03:29:00 PM -04:00
V3: 7.1 HIGH
V2: 3.6 LOW
CVE-2015-8837

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

Published: March 30, 2016; 06:59:01 AM -04:00
V3: 7.3 HIGH
V2: 6.8 MEDIUM
CVE-2015-8836

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

Published: March 30, 2016; 06:59:00 AM -04:00
V3: 7.3 HIGH
V2: 6.8 MEDIUM
CVE-2010-5109

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

Published: May 05, 2014; 01:06:02 PM -04:00
V2: 4.3 MEDIUM
CVE-2012-2095

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

Published: April 07, 2014; 11:55:04 AM -04:00
V2: 6.9 MEDIUM
CVE-2013-2191

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

Published: February 07, 2014; 07:55:06 PM -05:00
V2: 4.3 MEDIUM
CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

Published: December 13, 2013; 01:07:54 PM -05:00
V2: 2.1 LOW
CVE-2013-1812

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Published: December 12, 2013; 01:55:10 PM -05:00
V2: 4.3 MEDIUM
CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

Published: November 17, 2013; 09:55:07 PM -05:00
V2: 5.0 MEDIUM
CVE-2013-0211

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Published: September 30, 2013; 06:55:04 PM -04:00
V2: 5.0 MEDIUM
CVE-2013-0237

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Published: July 08, 2013; 04:55:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2013-1830

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.

Published: March 25, 2013; 05:55:02 PM -04:00
V2: 5.0 MEDIUM
CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Published: February 08, 2013; 03:55:01 PM -05:00
V2: 9.3 HIGH
CVE-2012-3354

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Published: November 19, 2012; 07:55:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2012-4453

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

Published: October 09, 2012; 07:55:05 PM -04:00
V2: 2.1 LOW
CVE-2012-4415

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.

Published: September 30, 2012; 11:26:16 PM -04:00
V2: 7.5 HIGH