Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:20
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-7271 |
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. Published: March 08, 2018; 3:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2014-3005 |
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. Published: February 01, 2018; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-1859 |
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. Published: January 08, 2018; 2:29:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2014-8119 |
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Published: December 29, 2017; 5:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-9092 |
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. Published: October 10, 2017; 9:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-0296 |
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. Published: October 06, 2017; 6:29:00 PM -0400 |
V3.0: 4.7 MEDIUM V2.0: 1.2 LOW |
CVE-2015-3420 |
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. Published: September 19, 2017; 11:29:00 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-1395 |
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Published: August 25, 2017; 2:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-9637 |
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Published: August 25, 2017; 2:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2015-1783 |
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. Published: August 11, 2017; 5:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-9114 |
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Published: March 31, 2017; 12:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-3209 |
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Published: June 15, 2015; 11:59:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-4106 |
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. Published: June 03, 2015; 4:59:09 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-4047 |
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. Published: May 29, 2015; 11:59:19 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-2922 |
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Published: May 27, 2015; 6:59:06 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2015-1868 |
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. Published: May 18, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-3451 |
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. Published: May 12, 2015; 3:59:21 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1860 |
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Published: May 12, 2015; 3:59:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1859 |
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Published: May 12, 2015; 3:59:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1858 |
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Published: May 12, 2015; 3:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |