Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
There are 70 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Published: February 05, 2021; 7:15:12 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-1895

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.

Published: January 28, 2020; 10:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Published: January 03, 2020; 12:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-5645

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

Published: December 30, 2019; 3:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2012-2130

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

Published: December 06, 2019; 1:15:10 PM -0500
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2012-1615

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

Published: December 06, 2019; 11:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

Published: December 05, 2019; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

Published: December 05, 2019; 4:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published: December 03, 2019; 10:15:10 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 3.3 LOW
CVE-2012-4480

mom creates world-writable pid files in /var/run

Published: December 02, 2019; 1:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2012-5535

gnome-system-log polkit policy allows arbitrary files on the system to be read

Published: November 25, 2019; 9:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Published: November 22, 2019; 10:15:11 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 3.3 LOW
CVE-2012-4524

xlockmore before 5.43 'dclock' security bypass vulnerability

Published: November 21, 2019; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

Published: November 20, 2019; 10:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2013-7089

ClamAV before 0.97.7: dbg_printhex possible information leak

Published: November 15, 2019; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-7088

ClamAV before 0.97.7 has buffer overflow in the libclamav component

Published: November 15, 2019; 10:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-7087

ClamAV before 0.97.7 has WWPack corrupt heap memory

Published: November 15, 2019; 10:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2012-1170

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Published: November 14, 2019; 12:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-1169

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2012-1161

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

Published: November 14, 2019; 12:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM