U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:fedoraproject:fedora:16
There are 49 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Published: February 05, 2021; 7:15:12 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2011-4088

ABRT might allow attackers to obtain sensitive information from crash reports.

Published: January 31, 2020; 12:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Published: January 03, 2020; 12:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-5645

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

Published: December 30, 2019; 3:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-1615

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

Published: December 06, 2019; 11:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

Published: December 05, 2019; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

Published: December 05, 2019; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

Published: December 05, 2019; 2:15:15 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published: December 03, 2019; 10:15:10 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 3.3 LOW
CVE-2012-4524

xlockmore before 5.43 'dclock' security bypass vulnerability

Published: November 21, 2019; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Published: November 15, 2019; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-1170

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Published: November 14, 2019; 12:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-1169

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2012-1161

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2012-1160

Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2012-1159

Moodle before 2.2.2: Overview report allows users to see hidden courses

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2012-1158

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2012-1157

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2012-1168

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2012-1156

Moodle before 2.2.2 has users' private files included in course backups

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM