National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:fedoraproject:fedora:20
There are 164 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Published: February 17, 2020; 05:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Published: February 05, 2020; 03:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

Published: January 28, 2020; 11:15:11 AM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

Published: January 28, 2020; 10:15:14 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Published: January 24, 2020; 02:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

Published: December 03, 2019; 10:15:11 AM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

Published: December 02, 2019; 01:15:10 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Published: December 02, 2019; 01:15:09 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-2793

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

Published: November 21, 2019; 03:15:15 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: November 18, 2019; 06:15:11 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Published: November 15, 2019; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

Published: November 13, 2019; 04:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Published: November 05, 2019; 05:15:10 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Published: November 04, 2019; 04:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: November 04, 2019; 03:15:09 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-3844

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Published: April 26, 2019; 05:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Published: April 24, 2019; 12:29:02 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

Published: April 22, 2019; 07:29:03 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-1400

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

Published: April 10, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

Published: April 10, 2018; 11:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM