Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 18 vulnerabilities and exploits
(subscribe to this query)
6.3
CVSSv3
CVE-2012-5630
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
Libuser Project Libuser 0.57
Libuser Project Libuser 0.58
Fedoraproject Fedora 18
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
5.5
CVSSv3
CVE-2012-5474
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package prior to 2012.1.1) is world readable and exposes the secret key value.
Redhat Openstack 2.0
Openstack Horizon
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 18
7.5
CVSSv3
CVE-2013-4357
The eglibc package prior to 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Eglibc Eglibc
Novell Suse Linux Enterprise Server 11.0
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Fedoraproject Fedora 18
Fedoraproject Fedora 19
NA
CVE-2013-2139
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and previous versions allows remote malicious users to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
Opensuse Opensuse 12.3
Fedoraproject Fedora 18
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Opensuse Opensuse 13.1
Cisco Libsrtp
Cisco Libsrtp 1.4.4
Cisco Libsrtp 1.4.2
Cisco Libsrtp 1.0.5
Cisco Libsrtp 1.0.4
Cisco Libsrtp 1.0.2
Cisco Libsrtp 1.0.1
Cisco Libsrtp 1.4.0
Cisco Libsrtp 1.0.6
Cisco Libsrtp 1.4.1
Cisco Libsrtp 1.3.20
6.5
CVSSv3
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the ra...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
3.7
CVSSv3
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an malicious user to ...
C-ares Project C-ares
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2021-22543
An issue exists in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of me...
Linux Linux Kernel 2021-05-18
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp H410c Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp Cloud Backup -
Netapp Solidfire Baseboard Management Controller Firmware -
7.5
CVSSv3
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerab...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
5.5
CVSSv3
CVE-2012-5644
libuser has information disclosure when moving user's home directory
Libuser Project Libuser -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 18
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
8.8
CVSSv3
CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and,...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »