Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4172 | 3 Apereo, Debian, Fedoraproject | 5 .net Cas Client, Java Cas Client, Phpcas and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | |||||
| CVE-2014-3956 | 4 Fedoraproject, Freebsd, Hp and 1 more | 4 Fedora, Freebsd, Hpux and 1 more | 2024-11-21 | 1.9 LOW | N/A |
| The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | |||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2024-11-21 | 4.3 MEDIUM | 3.4 LOW |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
| CVE-2014-3562 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | N/A |
| Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. | |||||
| CVE-2014-3537 | 3 Apple, Canonical, Fedoraproject | 3 Cups, Ubuntu Linux, Fedora | 2024-11-21 | 1.2 LOW | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||||
| CVE-2014-3499 | 2 Docker, Fedoraproject | 2 Docker, Fedora | 2024-11-21 | 7.2 HIGH | N/A |
| Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | |||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-11-21 | 4.3 MEDIUM | 7.8 HIGH |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |||||
| CVE-2014-3152 | 2 Fedoraproject, Google | 3 Fedora, Chrome, V8 | 2024-11-21 | 7.5 HIGH | N/A |
| Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. | |||||
| CVE-2014-3005 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
| CVE-2014-2678 | 3 Fedoraproject, Linux, Oracle | 3 Fedora, Linux Kernel, Linux | 2024-11-21 | 4.7 MEDIUM | N/A |
| The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | |||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | |||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2024-11-21 | 3.3 LOW | N/A |
| The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.5 MEDIUM | N/A |
| lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2014-2326 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2287 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2024-11-21 | 3.5 LOW | N/A |
| channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. | |||||
| CVE-2014-2286 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2024-11-21 | 7.5 HIGH | N/A |
| main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. | |||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1685 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 5.5 MEDIUM | N/A |
| The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | |||||
| CVE-2014-1682 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 4.0 MEDIUM | N/A |
| The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | |||||