Vulmon Recent Vulnerabilities Trends Blog About Contact

fedora vulnerabilities and exploits

(subscribe to this query)

7.2
CVSSv2
CVE-2008-2359
The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration....
Fedora 8 Consolehelper 1.4.4Fedora 8 Consolehelper 1.4.5Fedora 8 Consolehelper 1.4.6Fedora 8 Consolehelper 1.4.7Fedora 8 Consolehelper 1.5.0Fedora 8 Consolehelper 1.5.1Fedora 8 Consolehelper 1.5.2Fedora 8 Consolehelper 1.5.3Fedora 8 Consolehelper 1.5.4Fedora 8 Consolehelper 1.5.5Fedora 8 Consolehelper 1.5.6Fedora 8 Consolehelper 1.5.7Fedora 8 Consolehelper 1.5.8Fedora 8 Consolehelper 1.5.9Fedora 8 Consolehelper 1.5.10Redhat Fedora 8 1.4.4Redhat Fedora 8 1.4.5Redhat Fedora 8 1.4.6Redhat Fedora 8 1.4.7Redhat Fedora 8 1.5.Redhat Fedora 8 1.5.0Redhat Fedora 8 1.5.1Redhat Fedora 8 1.5.2Redhat Fedora 8 1.5.3Redhat Fedora 8 1.5.4Redhat Fedora 8 1.5.5Redhat Fedora 8 1.5.6Redhat Fedora 8 1.5.7Redhat Fedora 8 1.5.8Redhat Fedora 8 1.5.9Redhat Fedora 8 1.5.10
4.3
CVSSv2
CVE-2020-27818
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability....
Libpng Pngcheck 2.4.0Fedoraproject Fedora Extra Packages For Enterprise Linux 7.0Fedoraproject Fedora Extra Packages For Enterprise Linux 8.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Fedoraproject Fedora 34
10
CVSSv2
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process...
Pyyaml PyyamlFedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Opensuse Leap 15.1
5
CVSSv2
CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape....
Palletsprojects JinjaFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30
5
CVSSv2
CVE-2012-1170
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough...
Moodle MoodleFedoraproject Fedora 15Fedoraproject Fedora 16Fedoraproject Fedora 17
5
CVSSv2
CVE-2015-0886
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent....
Mindrot JbcryptFedoraproject Fedora 20Fedoraproject Fedora 21Fedoraproject Fedora 22
6.4
CVSSv2
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data....
Php PhpFedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33
7.5
CVSSv2
CVE-2019-18823
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods...
Wisc HtcondorFedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32
5
CVSSv2
CVE-2015-8008
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token....
Mediawiki MediawikiFedoraproject Fedora 21Fedoraproject Fedora 22Fedoraproject Fedora 23
4.3
CVSSv2
CVE-2015-2793
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi....
Ikiwiki IkiwikiFedoraproject Fedora 20Fedoraproject Fedora 21Fedoraproject Fedora 22
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationTCPCVE-2020-4865CVE-2021-3297CVE-2018-15473CVE-2021-3317CVE-2021-23240denial of serviceCVE-2020-16107