Total
4367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4572 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | |||||
| CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2020-02-10 | 2.1 LOW | 3.3 LOW |
| nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | |||||
| CVE-2010-5304 | 2 Fedoraproject, Libvncserver Project | 2 Fedora, Libvncserver | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | |||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| ABRT might allow attackers to obtain sensitive information from crash reports. | |||||
| CVE-2019-14867 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2020-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. | |||||
| CVE-2019-10195 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2020-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2020-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | |||||
| CVE-2013-0294 | 2 Fedoraproject, Pyrad Project | 2 Fedora, Pyrad | 2020-01-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | |||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | |||||
| CVE-2019-18660 | 5 Canonical, Fedoraproject, Linux and 2 more | 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more | 2020-01-28 | 1.9 LOW | 4.7 MEDIUM |
| The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | |||||
| CVE-2017-11462 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | |||||
| CVE-2017-11368 | 2 Fedoraproject, Mit | 3 Fedora, Kerberos, Kerberos 5 | 2020-01-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |||||
| CVE-2018-16451 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |||||
| CVE-2018-16230 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |||||
| CVE-2018-16229 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). | |||||
| CVE-2018-16228 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). | |||||
| CVE-2018-16227 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. | |||||
| CVE-2018-14882 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. | |||||
| CVE-2018-14881 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). | |||||