Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 4877 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0219 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2024-11-21 3.7 LOW N/A
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
CVE-2013-0211 5 Canonical, Fedoraproject, Freebsd and 2 more 5 Ubuntu Linux, Fedora, Freebsd and 2 more 2024-11-21 5.0 MEDIUM N/A
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
CVE-2013-0170 5 Canonical, Fedoraproject, Opensuse and 2 more 11 Ubuntu Linux, Fedora, Opensuse and 8 more 2024-11-21 6.8 MEDIUM N/A
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2013-0159 1 Fedoraproject 1 Fedora 2024-11-21 3.6 LOW 7.1 HIGH
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
CVE-2012-6136 3 Debian, Fedoraproject, Redhat 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
CVE-2012-6129 3 Canonical, Fedoraproject, Transmissionbt 3 Ubuntu Linux, Fedora, Transmission 2024-11-21 7.5 HIGH N/A
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
CVE-2012-6075 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-11-21 9.3 HIGH N/A
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
CVE-2012-5656 4 Canonical, Fedoraproject, Inkscape and 1 more 4 Ubuntu Linux, Fedora, Inkscape and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
CVE-2012-5645 2 Fedoraproject, Freeciv 2 Fedora, Freeciv 2024-11-21 7.8 HIGH 7.5 HIGH
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
CVE-2012-5644 4 Debian, Fedoraproject, Libuser Project and 1 more 4 Debian Linux, Fedora, Libuser and 1 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
libuser has information disclosure when moving user's home directory
CVE-2012-5630 3 Fedoraproject, Libuser Project, Redhat 3 Fedora, Libuser, Enterprise Linux 2024-11-21 3.3 LOW 6.3 MEDIUM
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
CVE-2012-5617 2 Fedoraproject, Gksu-polkit Project 2 Fedora, Gksu-polkit 2024-11-21 7.2 HIGH 7.8 HIGH
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
CVE-2012-5535 2 Fedoraproject, Gnome 2 Fedora, Gnome-system-log 2024-11-21 5.0 MEDIUM 7.5 HIGH
gnome-system-log polkit policy allows arbitrary files on the system to be read
CVE-2012-5474 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Horizon and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
CVE-2012-4528 3 Fedoraproject, Opensuse, Trustwave 3 Fedora, Opensuse, Modsecurity 2024-11-21 5.0 MEDIUM N/A
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
CVE-2012-4524 2 Fedoraproject, Sillycycle 2 Fedora, Xlockmore 2024-11-21 5.0 MEDIUM 7.5 HIGH
xlockmore before 5.43 'dclock' security bypass vulnerability
CVE-2012-4480 2 Fedoraproject, Ovirt 2 Fedora, Mom 2024-11-21 4.6 MEDIUM 7.8 HIGH
mom creates world-writable pid files in /var/run
CVE-2012-4453 3 Dracut Project, Fedoraproject, Redhat 5 Dracut, Fedora, Enterprise Linux Desktop and 2 more 2024-11-21 2.1 LOW N/A
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
CVE-2012-4451 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
CVE-2012-4450 1 Fedoraproject 1 389 Directory Server 2024-11-21 6.0 MEDIUM N/A
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.