Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-3882 |
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Published: April 24, 2019; 12:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-11234 |
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Published: April 22, 2019; 7:29:03 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-0477 |
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. Published: July 03, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3470 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Published: June 05, 2014; 5:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0221 |
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. Published: June 05, 2014; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6476 |
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2013-6475 |
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6474 |
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Published: March 14, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6890 |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. Published: December 23, 2013; 5:55:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2251 |
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. Published: January 10, 2013; 8:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2010-4001 |
GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script Published: November 05, 2010; 8:00:02 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2010-1439 |
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file. Published: June 07, 2010; 1:12:48 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2009-3564 |
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. Published: October 06, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |