Vulmon Recent Vulnerabilities Discussions Trends About Contact

fedora vulnerabilities and exploits

10
CVSSv2
CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period....
FedoraNewsx
4.3
CVSSv2
CVE-2015-3983
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per...
FedoraPacemaker Configuration System
5
CVSSv2
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users....
FedoraprojectFedora
5
CVSSv2
CVE-2019-10191
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol....
FedoraprojectFedora
7.2
CVSSv2
CVE-2014-7272
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race...
FedoraprojectFedora
4.6
CVSSv2
CVE-2012-4480
mom creates world-writable pid files in /var/run...
FedoraprojectFedora
6.2
CVSSv2
CVE-2010-0746
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device....
FedoraprojectFedora
3.6
CVSSv2
CVE-2013-0159
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg....
FedoraprojectFedora
4.3
CVSSv2
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI....
FedoraprojectFedora
7.5
CVSSv2
CVE-2019-19010
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands....
FedoraprojectFedora
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-16018CVE-2020-0674CVE-2020-3136CVE-2013-4462CVE-2020-0610denial of serviceTCPCVE-2019-20429spoof