Search Results
- CPE Product Version: cpe:/o:fedoraproject:fedora:16
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1155 | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to. Published: November 14, 2019; 11:15:14 AM -0500 | V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2012-0049 | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. Published: November 07, 2019; 1:15:11 PM -0500 | V3.1: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2015-8837 | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. Published: March 30, 2016; 6:59:01 AM -0400 | V3.0: 7.3 HIGH; V2.0: 6.8 MEDIUM |
CVE-2015-8836 | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. Published: March 30, 2016; 6:59:00 AM -0400 | V3.0: 7.3 HIGH; V2.0: 6.8 MEDIUM |
CVE-2010-5109 | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. Published: May 05, 2014; 1:06:02 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2012-2095 | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. Published: April 07, 2014; 11:55:04 AM -0400 | V3.x: (not available); V2.0: 6.9 MEDIUM |
CVE-2011-4930 | Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. Published: February 10, 2014; 1:15:09 PM -0500 | V3.x: (not available); V2.0: 4.4 MEDIUM |
CVE-2013-0237 | Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. Published: July 08, 2013; 4:55:00 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2012-6129 | Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." Published: April 02, 2013; 8:55:01 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2012-1568 | The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. Published: March 01, 2013; 12:40:15 AM -0500 | V3.x: (not available); V2.0: 1.9 LOW |
CVE-2012-6075 | Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Published: February 12, 2013; 8:55:03 PM -0500 | V3.x: (not available); V2.0: 9.3 HIGH |
CVE-2013-0170 | Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Published: February 08, 2013; 3:55:01 PM -0500 | V3.x: (not available); V2.0: 6.8 MEDIUM |
CVE-2012-5656 | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Published: January 18, 2013; 6:48:40 AM -0500 | V3.1: 5.5 MEDIUM; V2.0: 2.1 LOW |
CVE-2012-3354 | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. Published: November 19, 2012; 7:55:00 PM -0500 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2012-4406 | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. Published: October 22, 2012; 7:55:06 PM -0400 | V3.1: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2012-4453 | dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. Published: October 09, 2012; 7:55:05 PM -0400 | V3.x: (not available); V2.0: 2.1 LOW |
CVE-2012-4415 | Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. Published: September 30, 2012; 11:26:16 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2012-1149 | Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Published: June 21, 2012; 11:55:11 AM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2012-0037 | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. Published: June 16, 2012; 11:41:40 PM -0400 | V3.1: 6.5 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2012-1988 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. Published: May 29, 2012; 4:55:08 PM -0400 | V3.x: (not available); V2.0: 6.0 MEDIUM |