ReportizFlow
Filtered by vendor Fedoraproject
Subscriptions
Total
5439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4862 | 9 Debian, Fedoraproject, Freebsd and 6 more | 14 Debian Linux, Fedora, Freebsd and 11 more | 2025-04-11 | N/A |
| Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. | ||||
| CVE-2013-2139 | 4 Cisco, Fedoraproject, Opensuse and 1 more | 4 Libsrtp, Fedora, Opensuse and 1 more | 2025-04-11 | N/A |
| Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. | ||||
| CVE-2012-4450 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | ||||
| CVE-2011-0019 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2025-04-11 | N/A |
| slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | ||||
| CVE-2010-4577 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2025-04-11 | 7.5 High |
| The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||||
| CVE-2013-2207 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2025-04-11 | N/A |
| pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2013-4485 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. | ||||
| CVE-2013-0237 | 3 Fedoraproject, Moxiecode, Wordpress | 3 Fedora, Plupload, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2012-3354 | 2 Dokuwiki, Fedoraproject | 2 Dokuwiki, Fedora | 2025-04-11 | N/A |
| doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. | ||||
| CVE-2010-1205 | 11 Apple, Canonical, Debian and 8 more | 18 Iphone Os, Itunes, Mac Os X and 15 more | 2025-04-11 | 9.8 Critical |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||||
| CVE-2014-0019 | 3 Dest-unreach, Fedoraproject, Opensuse | 3 Socat, Fedora, Opensuse | 2025-04-11 | N/A |
| Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. | ||||
| CVE-2013-0220 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-04-11 | N/A |
| The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. | ||||
| CVE-2013-5611 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2025-04-11 | N/A |
| Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. | ||||
| CVE-2012-1180 | 3 Debian, F5, Fedoraproject | 3 Debian Linux, Nginx, Fedora | 2025-04-11 | N/A |
| Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | ||||
| CVE-2012-2314 | 1 Fedoraproject | 1 Anaconda | 2025-04-11 | N/A |
| The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2010-4341 | 3 Fedorahosted, Fedoraproject, Redhat | 3 Sssd, Sssd, Enterprise Linux | 2025-04-11 | N/A |
| The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | ||||
| CVE-2010-0395 | 7 Apache, Canonical, Debian and 4 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2025-04-11 | N/A |
| OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||
| CVE-2010-2940 | 1 Fedoraproject | 1 Sssd | 2025-04-11 | N/A |
| The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password. | ||||
| CVE-2013-0211 | 5 Canonical, Fedoraproject, Freebsd and 2 more | 5 Ubuntu Linux, Fedora, Freebsd and 2 more | 2025-04-11 | N/A |
| Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | ||||