U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:fedoraproject:fedora:19
There are 116 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2013-4751

php-symfony2-Validator has loss of information during serialization

Published: November 01, 2019; 9:15:11 AM -0400
V3.1: 8.1 HIGH
V2.0: 4.9 MEDIUM
CVE-2014-1400

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

Published: April 10, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

Published: April 10, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2014-1398

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

Published: April 10, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2014-3219

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

Published: February 09, 2018; 5:29:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 4.3 MEDIUM
CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: February 01, 2018; 12:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

Published: January 08, 2018; 2:29:00 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Published: December 28, 2014; 7:59:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Published: December 16, 2014; 1:59:10 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8737

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Published: December 09, 2014; 6:59:07 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2014-8504

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Published: December 09, 2014; 6:59:06 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8503

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Published: December 09, 2014; 6:59:05 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8502

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

Published: December 09, 2014; 6:59:04 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8501

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Published: December 09, 2014; 6:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Published: December 09, 2014; 6:59:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8484

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Published: December 09, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8990

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

Published: December 05, 2014; 11:59:11 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-6494

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

Published: December 01, 2014; 8:59:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-0334

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Published: October 31, 2014; 10:55:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: October 14, 2014; 8:55:02 PM -0400
V3.1: 3.4 LOW
V2.0: 4.3 MEDIUM