Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1165 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2015-10-27 5.0 MEDIUM N/A
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
CVE-2015-1464 2 Bestpractical, Fedoraproject 2 Request Tracker, Fedora 2015-10-27 6.4 MEDIUM N/A
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVE-2014-8488 2 Fedoraproject, Yourls 2 Fedora, Yourls 2015-09-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
CVE-2013-6494 2 Fedoraproject, Fedup Project 2 Fedora, Fedup 2014-12-02 2.1 LOW N/A
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).
CVE-2014-4909 4 Canonical, Fedoraproject, Gentoo and 1 more 4 Ubuntu Linux, Fedora, Linux and 1 more 2014-11-13 6.8 MEDIUM N/A
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVE-2014-1685 2 Fedoraproject, Zabbix 2 Fedora, Zabbix 2014-05-09 5.5 MEDIUM N/A
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
CVE-2014-1682 2 Fedoraproject, Zabbix 2 Fedora, Zabbix 2014-05-09 4.0 MEDIUM N/A
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
CVE-2010-5109 2 Fedoraproject, Randall Hand 2 Fedora, Yerase\'s Tnef Stream Reader 2014-05-05 4.3 MEDIUM N/A
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
CVE-2014-2287 2 Digium, Fedoraproject 3 Asterisk, Certified Asterisk, Fedora 2014-04-21 3.5 LOW N/A
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
CVE-2014-2286 2 Digium, Fedoraproject 3 Asterisk, Certified Asterisk, Fedora 2014-04-21 7.5 HIGH N/A
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
CVE-2012-2095 2 David Paleino, Fedoraproject 2 Wicd, Fedora 2014-04-08 6.9 MEDIUM N/A
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
CVE-2013-6476 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2014-03-17 4.4 MEDIUM N/A
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
CVE-2010-0746 1 Fedoraproject 1 Fedora 2014-01-14 6.2 MEDIUM N/A
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.
CVE-2013-4550 2 Duckcorp, Fedoraproject 2 Bip, Fedora 2014-01-03 5.1 MEDIUM N/A
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.
CVE-2011-5268 2 Duckcorp, Fedoraproject 2 Bip, Fedora 2014-01-03 4.3 MEDIUM N/A
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
CVE-2013-6890 3 Debian, Fedoraproject, Phil Schwartz 3 Debian Linux, Fedora, Denyhosts 2013-12-24 5.0 MEDIUM N/A
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
CVE-2013-1812 2 Fedoraproject, Janrain 2 Fedora, Ruby-openid 2013-12-13 4.3 MEDIUM N/A
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
CVE-2012-3354 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2013-12-12 4.3 MEDIUM N/A
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
CVE-2013-4283 1 Fedoraproject 1 389 Directory Server 2013-09-11 5.0 MEDIUM N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-0237 3 Fedoraproject, Moxiecode, Wordpress 3 Fedora, Plupload, Wordpress 2013-07-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.