Vulmon Recent Vulnerabilities Trends About Contact

fedora vulnerabilities and exploits

(subscribe to this query)

10
CVSSv2
CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period....
FedoraNewsx
4.3
CVSSv2
CVE-2015-3983
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per...
FedoraPacemaker Configuration System
6.2
CVSSv2
CVE-2010-0746
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device....
FedoraprojectFedora
4.6
CVSSv2
CVE-2012-4480
mom creates world-writable pid files in /var/run...
FedoraprojectFedora
5
CVSSv2
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users....
FedoraprojectFedora
7.5
CVSSv2
CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value....
FedoraprojectFedora
4.9
CVSSv2
CVE-2008-3832
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function....
RedhatFedora
7.5
CVSSv2
CVE-2019-19010
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands....
FedoraprojectFedora
4.3
CVSSv2
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI....
FedoraprojectFedora
3.6
CVSSv2
CVE-2013-0159
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg....
FedoraprojectFedora
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilegeremote attackersCVE-2019-20818avayaCVE-2020-13830XML external entityCVE-2018-21241ip officeCVE-2020-10136CVE-2020-13807foxitsoftwareCVE-2020-3956chrome