Vulnerabilities (CVE)

Filtered by vendor Fedora Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3983 1 Fedora 1 Pacemaker Configuration System 2024-11-21 4.3 MEDIUM N/A
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types.
CVE-2015-1848 2 Fedora, Redhat 5 Pacemaker Configuration System, Enterprise Linux High Availability, Enterprise Linux High Availability Eus and 2 more 2024-11-21 6.8 MEDIUM N/A
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2024-11-21 1.2 LOW N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2008-3283 2 Fedora, Redhat 2 Directory Server, Directory Server 2024-11-21 7.8 HIGH N/A
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
CVE-2008-3252 2 Fedora, Redhat 2 Newsx, Fedora 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
CVE-2008-2930 2 Fedora, Redhat 2 Directory Server, Directory Server 2024-11-21 7.1 HIGH N/A
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
CVE-2008-2929 2 Fedora, Redhat 2 Directory Server, Directory Server 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.