Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5099 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0103 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa | 2015-11-04 | N/A |
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | ||||
CVE-2015-1165 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2015-10-28 | N/A |
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | ||||
CVE-2015-1464 | 2 Bestpractical, Fedoraproject | 2 Request Tracker, Fedora | 2015-10-28 | N/A |
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | ||||
CVE-2014-8488 | 2 Fedoraproject, Yourls | 2 Fedora, Yourls | 2015-09-03 | N/A |
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. | ||||
CVE-2013-6494 | 2 Fedoraproject, Fedup Project | 2 Fedora, Fedup | 2014-12-02 | N/A |
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). | ||||
CVE-2014-4909 | 4 Canonical, Fedoraproject, Gentoo and 1 more | 4 Ubuntu Linux, Fedora, Linux and 1 more | 2014-11-14 | N/A |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | ||||
CVE-2014-1685 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2014-05-09 | N/A |
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | ||||
CVE-2014-1682 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2014-05-09 | N/A |
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | ||||
CVE-2010-5109 | 2 Fedoraproject, Randall Hand | 2 Fedora, Yerase\'s Tnef Stream Reader | 2014-05-05 | N/A |
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | ||||
CVE-2014-2287 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2014-04-21 | N/A |
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. | ||||
CVE-2014-2286 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2014-04-21 | N/A |
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. | ||||
CVE-2012-2095 | 2 David Paleino, Fedoraproject | 2 Wicd, Fedora | 2014-04-08 | N/A |
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | ||||
CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2014-03-17 | N/A |
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | ||||
CVE-2010-0746 | 1 Fedoraproject | 1 Fedora | 2014-01-14 | N/A |
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device. | ||||
CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2013-12-24 | N/A |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | ||||
CVE-2013-1812 | 2 Fedoraproject, Janrain | 2 Fedora, Ruby-openid | 2013-12-13 | N/A |
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | ||||
CVE-2012-3354 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2013-12-13 | N/A |
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. | ||||
CVE-2012-4415 | 2 Fedoraproject, Guac-dev | 2 Fedora, Guacamole | 2012-10-01 | N/A |
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. | ||||
CVE-2009-1896 | 2 Fedoraproject, Sun | 2 Fedora, Openjdk | 2009-08-26 | N/A |
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. |