U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
There are 116 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Published: February 05, 2021; 7:15:12 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Published: February 17, 2020; 5:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

Published: February 06, 2020; 10:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2010-5304

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Published: February 05, 2020; 3:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

Published: January 28, 2020; 11:15:11 AM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

Published: January 28, 2020; 10:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-1437

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

Published: January 28, 2020; 10:15:14 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

Published: January 02, 2020; 12:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Published: December 31, 2019; 2:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-4161

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.

Published: December 31, 2019; 2:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2013-4158

smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)

Published: December 11, 2019; 8:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

Published: December 10, 2019; 10:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4411

Review Board: URL processing gives unauthorized users access to review lists

Published: December 03, 2019; 10:15:11 AM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2013-4410

ReviewBoard: has an access-control problem in REST API

Published: December 02, 2019; 1:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2012-5617

gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

Published: November 25, 2019; 9:15:11 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

Published: November 18, 2019; 6:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Published: November 15, 2019; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Published: November 04, 2019; 4:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

Published: November 04, 2019; 3:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2013-4168

Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.

Published: November 01, 2019; 4:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM