Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-14312 |
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-1895 |
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. Published: January 28, 2020; 10:15:14 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-4451 |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. Published: January 03, 2020; 12:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-5645 |
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. Published: December 30, 2019; 3:15:11 PM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2012-2130 |
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. Published: December 06, 2019; 1:15:10 PM -0500 |
V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2012-1615 |
A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. Published: December 06, 2019; 11:15:10 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2012-1115 |
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Published: December 05, 2019; 4:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-1114 |
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. Published: December 05, 2019; 4:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-4235 |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees Published: December 03, 2019; 10:15:10 AM -0500 |
V3.1: 4.7 MEDIUM V2.0: 3.3 LOW |
CVE-2012-4480 |
mom creates world-writable pid files in /var/run Published: December 02, 2019; 1:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2012-5535 |
gnome-system-log polkit policy allows arbitrary files on the system to be read Published: November 25, 2019; 9:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-7810 |
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files Published: November 22, 2019; 10:15:11 AM -0500 |
V3.1: 4.7 MEDIUM V2.0: 3.3 LOW |
CVE-2012-4524 |
xlockmore before 5.43 'dclock' security bypass vulnerability Published: November 21, 2019; 10:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-6136 |
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. Published: November 20, 2019; 10:15:11 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2013-7089 |
ClamAV before 0.97.7: dbg_printhex possible information leak Published: November 15, 2019; 10:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-7088 |
ClamAV before 0.97.7 has buffer overflow in the libclamav component Published: November 15, 2019; 10:15:11 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-7087 |
ClamAV before 0.97.7 has WWPack corrupt heap memory Published: November 15, 2019; 10:15:11 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2012-1170 |
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough Published: November 14, 2019; 12:15:13 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-1169 |
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. Published: November 14, 2019; 12:15:12 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2012-1161 |
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results Published: November 14, 2019; 12:15:12 PM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |