Filtered by vendor Fedoraproject
Subscribe
Total
4877 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0219 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 3.7 LOW | N/A |
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | |||||
CVE-2013-0211 | 5 Canonical, Fedoraproject, Freebsd and 2 more | 5 Ubuntu Linux, Fedora, Freebsd and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | |||||
CVE-2013-0170 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 11 Ubuntu Linux, Fedora, Opensuse and 8 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. | |||||
CVE-2013-0159 | 1 Fedoraproject | 1 Fedora | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | |||||
CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
CVE-2012-6129 | 3 Canonical, Fedoraproject, Transmissionbt | 3 Ubuntu Linux, Fedora, Transmission | 2024-11-21 | 7.5 HIGH | N/A |
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." | |||||
CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 9.3 HIGH | N/A |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | |||||
CVE-2012-5656 | 4 Canonical, Fedoraproject, Inkscape and 1 more | 4 Ubuntu Linux, Fedora, Inkscape and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | |||||
CVE-2012-5645 | 2 Fedoraproject, Freeciv | 2 Fedora, Freeciv | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | |||||
CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
libuser has information disclosure when moving user's home directory | |||||
CVE-2012-5630 | 3 Fedoraproject, Libuser Project, Redhat | 3 Fedora, Libuser, Enterprise Linux | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. | |||||
CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | |||||
CVE-2012-5535 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-system-log | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
gnome-system-log polkit policy allows arbitrary files on the system to be read | |||||
CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | |||||
CVE-2012-4528 | 3 Fedoraproject, Opensuse, Trustwave | 3 Fedora, Opensuse, Modsecurity | 2024-11-21 | 5.0 MEDIUM | N/A |
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | |||||
CVE-2012-4524 | 2 Fedoraproject, Sillycycle | 2 Fedora, Xlockmore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
xlockmore before 5.43 'dclock' security bypass vulnerability | |||||
CVE-2012-4480 | 2 Fedoraproject, Ovirt | 2 Fedora, Mom | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
mom creates world-writable pid files in /var/run | |||||
CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 5 Dracut, Fedora, Enterprise Linux Desktop and 2 more | 2024-11-21 | 2.1 LOW | N/A |
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | |||||
CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | |||||
CVE-2012-4450 | 1 Fedoraproject | 1 389 Directory Server | 2024-11-21 | 6.0 MEDIUM | N/A |
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. |