
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

part: o version: 15 update: *

Vendor: Fedoraproject (edb280c5-6017-5a8b-8553-28ce724531a7)
Product: Fedora (6acafa01-9f50-590d-a3a6-56bd1ebba30e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2012-2095 vulnerable 2026-06-03 14:31:46.427460 Details available
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
Published: 2014-04-07T15:00:00.000Z
Updated: 2024-08-06T19:26:07.705Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-2089 vulnerable 2026-06-03 14:31:46.412131 Details available
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
Published: 2012-04-17T21:00:00.000Z
Updated: 2024-08-06T19:26:07.239Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1988 vulnerable 2026-06-03 14:31:45.845499 Details available
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Published: 2012-05-29T20:00:00.000Z
Updated: 2024-08-06T19:17:27.716Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1568 vulnerable 2026-06-03 14:31:43.232929 Details available
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.
Published: 2013-03-01T02:00:00.000Z
Updated: 2024-08-06T19:01:02.689Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1180 vulnerable 2026-06-03 14:31:41.889635 Details available
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
Published: 2012-04-17T21:00:00.000Z
Updated: 2024-08-06T18:53:35.626Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1170 vulnerable 2026-06-03 14:31:41.808218 Details available
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
Published: 2019-11-14T16:29:28.000Z
Updated: 2024-08-06T18:53:36.290Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1169 vulnerable 2026-06-03 14:31:41.807803 Details available
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.
Published: 2019-11-14T16:26:14.000Z
Updated: 2024-08-06T18:53:35.717Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1168 vulnerable 2026-06-03 14:31:41.807317 Details available
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
Published: 2019-11-14T15:56:53.000Z
Updated: 2024-08-06T18:53:35.678Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1161 vulnerable 2026-06-03 14:31:41.757542 Details available
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
Published: 2019-11-14T16:34:04.000Z
Updated: 2024-08-06T18:53:35.446Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1160 vulnerable 2026-06-03 14:31:41.757150 Details available
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php
Published: 2019-11-14T16:21:05.000Z
Updated: 2024-08-06T18:53:35.447Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1159 vulnerable 2026-06-03 14:31:41.756754 Details available
Moodle before 2.2.2: Overview report allows users to see hidden courses
Published: 2019-11-14T16:16:55.000Z
Updated: 2024-08-06T18:53:35.576Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1158 vulnerable 2026-06-03 14:31:41.756348 Details available
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
Published: 2019-11-14T16:09:56.000Z
Updated: 2024-08-06T18:53:35.435Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1157 vulnerable 2026-06-03 14:31:41.755934 Details available
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
Published: 2019-11-14T16:05:42.000Z
Updated: 2024-08-06T18:53:35.447Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1156 vulnerable 2026-06-03 14:31:41.755496 Details available
Moodle before 2.2.2 has users' private files included in course backups
Published: 2019-11-14T16:01:05.000Z
Updated: 2024-08-06T18:53:35.446Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1155 vulnerable 2026-06-03 14:31:41.755017 Details available
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
Published: 2019-11-14T15:48:08.000Z
Updated: 2024-08-06T18:53:35.521Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1149 vulnerable 2026-06-03 14:31:41.675200 Details available
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
Published: 2012-06-21T15:00:00.000Z
Updated: 2024-08-06T18:45:27.489Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1105 vulnerable 2026-06-03 14:31:41.376455 Details available
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Published: 2019-12-05T18:26:36.000Z
Updated: 2024-08-06T18:45:27.250Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-0049 vulnerable 2026-06-03 14:31:28.952248 Details available
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
Published: 2019-11-07T17:13:26.000Z
Updated: 2024-08-06T18:09:17.244Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4930 vulnerable 2026-06-03 14:31:27.100736 Details available
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
Published: 2014-02-10T17:00:00.000Z
Updated: 2024-08-07T00:23:38.555Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4862 vulnerable 2026-06-03 14:31:26.567418 Details available
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Published: 2011-12-25T01:00:00.000Z
Updated: 2024-08-07T00:16:35.035Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4517 vulnerable 2026-06-03 14:31:25.104588 Details available
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Published: 2011-12-15T02:00:00.000Z
Updated: 2024-10-21T16:11:56.211Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4516 vulnerable 2026-06-03 14:31:25.103428 Details available
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
Published: 2011-12-15T02:00:00.000Z
Updated: 2024-08-07T00:09:18.503Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4107 vulnerable 2026-06-03 14:31:23.061599 Details available
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Published: 2011-11-17T19:00:00.000Z
Updated: 2024-08-07T00:01:50.500Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-3045 vulnerable 2026-06-03 14:31:11.938913 Details available
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Published: 2012-03-22T16:00:00.000Z
Updated: 2025-06-09T15:35:52.219Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2924 vulnerable 2026-06-03 14:31:11.260044 Details available
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
Published: 2019-11-19T21:20:16.000Z
Updated: 2024-08-06T23:15:31.864Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2726 vulnerable 2026-06-03 14:31:10.487268 Details available
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
Published: 2019-11-15T16:21:51.000Z
Updated: 2024-08-06T23:08:23.951Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2520 vulnerable 2026-06-03 14:31:08.674207 Details available
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
Published: 2011-07-21T23:00:00.000Z
Updated: 2024-08-06T23:00:34.079Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2192 vulnerable 2026-06-03 14:31:06.160330 Details available
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Published: 2011-07-07T21:00:00.000Z
Updated: 2024-08-06T22:53:17.373Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1943 vulnerable 2026-06-03 14:31:04.880111 Details available
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
Published: 2011-06-14T17:00:00.000Z
Updated: 2024-08-06T22:46:00.839Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1783 vulnerable 2026-06-03 14:31:03.973805 Details available
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
Published: 2011-06-06T19:00:00.000Z
Updated: 2024-08-06T22:37:25.818Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1770 vulnerable 2026-06-03 14:31:03.912720 Details available
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
Published: 2011-06-24T20:00:00.000Z
Updated: 2024-08-06T22:37:25.787Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1755 vulnerable 2026-06-03 14:31:03.781069 Details available
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Published: 2011-06-21T01:00:00.000Z
Updated: 2024-08-06T22:37:25.699Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1752 vulnerable 2026-06-03 14:31:03.754563 Details available
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
Published: 2011-06-06T19:00:00.000Z
Updated: 2024-08-06T22:37:25.754Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1526 vulnerable 2026-06-03 14:31:02.222546 Details available
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
Published: 2011-07-11T20:00:00.000Z
Updated: 2024-08-06T22:28:41.820Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1027 vulnerable 2026-06-03 14:30:52.869678 Details available
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Published: 2011-03-20T01:00:00.000Z
Updated: 2024-08-06T22:14:27.171Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1002 vulnerable 2026-06-03 14:30:52.595945 Details available
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Published: 2011-02-22T18:00:00.000Z
Updated: 2024-08-06T22:14:26.817Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-0762 vulnerable 2026-06-03 14:30:51.518080 Details available
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Published: 2011-03-02T19:00:00.000Z
Updated: 2024-08-06T22:05:53.406Z
Imported from gcve-enriched-dumps CVE data
