Filtered by vendor Fedora
Subscribe
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3983 | 1 Fedora | 1 Pacemaker Configuration System | 2024-11-21 | 4.3 MEDIUM | N/A |
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types. | |||||
CVE-2015-1848 | 2 Fedora, Redhat | 5 Pacemaker Configuration System, Enterprise Linux High Availability, Enterprise Linux High Availability Eus and 2 more | 2024-11-21 | 6.8 MEDIUM | N/A |
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag. | |||||
CVE-2012-3500 | 2 Devscripts Devel Team, Fedora | 2 Devscripts, Rpmdevtools | 2024-11-21 | 1.2 LOW | N/A |
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | |||||
CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2024-11-21 | 7.8 HIGH | N/A |
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | |||||
CVE-2008-3252 | 2 Fedora, Redhat | 2 Newsx, Fedora | 2024-11-21 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. | |||||
CVE-2008-2930 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2024-11-21 | 7.1 HIGH | N/A |
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. | |||||
CVE-2008-2929 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping. |