
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*

part: o version: 18 update: *

Vendor: Fedoraproject (edb280c5-6017-5a8b-8553-28ce724531a7)
Product: Fedora (6acafa01-9f50-590d-a3a6-56bd1ebba30e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2015-7810 vulnerable 2026-06-03 14:35:09.991758 Details available
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
Published: 2019-11-22T14:23:51.000Z
Updated: 2024-08-06T07:58:59.892Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7089 vulnerable 2026-06-03 14:33:33.918761 Details available
ClamAV before 0.97.7: dbg_printhex possible information leak
Published: 2019-11-15T14:23:32.000Z
Updated: 2024-08-06T17:53:45.841Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7088 vulnerable 2026-06-03 14:33:33.918298 Details available
ClamAV before 0.97.7 has buffer overflow in the libclamav component
Published: 2019-11-15T14:19:48.000Z
Updated: 2024-08-06T17:53:46.080Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7087 vulnerable 2026-06-03 14:33:33.917713 Details available
ClamAV before 0.97.7 has WWPack corrupt heap memory
Published: 2019-11-15T14:11:00.000Z
Updated: 2024-08-06T17:53:46.137Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-6673 vulnerable 2026-06-03 14:33:27.249428 Details available
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:46:22.836Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-6671 vulnerable 2026-06-03 14:33:27.247706 Details available
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:46:22.682Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-6629 vulnerable 2026-06-03 14:33:26.800016 Details available
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Published: 2013-11-15T20:00:00.000Z
Updated: 2024-08-06T17:46:22.170Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5618 vulnerable 2026-06-03 14:33:22.419581 Details available
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.442Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5616 vulnerable 2026-06-03 14:33:22.418297 Details available
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.432Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5615 vulnerable 2026-06-03 14:33:22.417430 Details available
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.503Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5613 vulnerable 2026-06-03 14:33:22.414821 Details available
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.465Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5610 vulnerable 2026-06-03 14:33:22.296404 Details available
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.418Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-5609 vulnerable 2026-06-03 14:33:22.285573 Details available
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Published: 2013-12-11T15:00:00.000Z
Updated: 2024-08-06T17:15:21.492Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4854 vulnerable 2026-06-03 14:33:19.826981 Details available
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Published: 2013-07-26T23:00:00.000Z
Updated: 2024-08-06T16:59:39.290Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4752 vulnerable 2026-06-03 14:33:19.351233 Details available
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
Published: 2020-01-02T16:07:55.000Z
Updated: 2024-08-06T16:52:27.085Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4751 vulnerable 2026-06-03 14:33:19.350556 Details available
php-symfony2-Validator has loss of information during serialization
Published: 2019-11-01T12:33:58.000Z
Updated: 2024-08-06T16:52:26.998Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4589 vulnerable 2026-06-03 14:33:18.335326 Details available
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
Published: 2013-11-23T11:00:00.000Z
Updated: 2024-08-06T16:45:15.047Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4572 vulnerable 2026-06-03 14:33:18.120563 Details available
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
Published: 2020-02-06T14:40:13.000Z
Updated: 2024-08-06T16:45:15.240Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4550 vulnerable 2026-06-03 14:33:18.003559 Details available
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.
Published: 2013-12-24T18:00:00.000Z
Updated: 2024-08-06T16:45:14.842Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4411 vulnerable 2026-06-03 14:33:11.612717 Details available
Review Board: URL processing gives unauthorized users access to review lists
Published: 2019-12-03T14:39:53.000Z
Updated: 2024-08-06T16:45:14.255Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4410 vulnerable 2026-06-03 14:33:11.610015 Details available
ReviewBoard: has an access-control problem in REST API
Published: 2019-12-02T17:36:52.000Z
Updated: 2024-08-06T16:45:14.855Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4409 vulnerable 2026-06-03 14:33:11.608270 Details available
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Published: 2019-11-04T20:45:44.000Z
Updated: 2024-08-06T16:45:14.736Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4357 vulnerable 2026-06-03 14:33:11.303607 Details available
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Published: 2019-12-31T18:34:45.000Z
Updated: 2024-08-06T16:38:01.915Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4345 vulnerable 2026-06-03 14:33:11.212773 Details available
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
Published: 2013-10-10T10:00:00.000Z
Updated: 2024-08-06T16:38:01.956Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4251 vulnerable 2026-06-03 14:33:10.602981 Details available
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
Published: 2019-11-04T19:21:42.000Z
Updated: 2024-08-06T16:38:01.948Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4168 vulnerable 2026-06-03 14:33:10.051497 Details available
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
Published: 2019-11-01T19:12:30.000Z
Updated: 2024-08-06T16:38:01.378Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4161 vulnerable 2026-06-03 14:33:09.977335 Details available
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and it did not fix the security issue.
Published: 2019-12-31T18:13:46.000Z
Updated: 2024-08-06T16:30:50.076Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4158 vulnerable 2026-06-03 14:33:09.959505 Details available
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
Published: 2019-12-11T12:45:34.000Z
Updated: 2024-08-06T16:30:50.040Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4124 vulnerable 2026-06-03 14:33:09.616148 Details available
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Published: 2013-08-05T15:00:00.000Z
Updated: 2024-08-06T16:30:50.000Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2207 vulnerable 2026-06-03 14:32:59.832014 Details available
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
Published: 2013-10-09T22:00:00.000Z
Updated: 2024-08-06T15:27:41.090Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2191 vulnerable 2026-06-03 14:32:54.286064 Details available
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
Published: 2014-02-08T00:00:00.000Z
Updated: 2024-08-06T15:27:41.098Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2139 vulnerable 2026-06-03 14:32:53.915933 Details available
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
Published: 2014-01-16T02:00:00.000Z
Updated: 2024-08-06T15:27:40.955Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2032 vulnerable 2026-06-03 14:32:53.316253 Details available
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
Published: 2013-11-15T18:16:00.000Z
Updated: 2024-08-06T15:20:37.400Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1931 vulnerable 2026-06-03 14:32:52.695235 Details available
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
Published: 2019-10-31T19:05:05.000Z
Updated: 2024-08-06T15:20:37.228Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1930 vulnerable 2026-06-03 14:32:52.694815 Details available
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
Published: 2019-10-31T19:05:01.000Z
Updated: 2024-08-06T15:20:37.209Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1915 vulnerable 2026-06-03 14:32:52.599260 Details available
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Published: 2013-04-25T23:00:00.000Z
Updated: 2024-08-06T15:20:37.326Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1895 vulnerable 2026-06-03 14:32:52.453094 Details available
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
Published: 2020-01-28T14:30:24.000Z
Updated: 2024-08-06T15:20:37.112Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1888 vulnerable 2026-06-03 14:32:52.431336 Details available
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Published: 2013-08-16T10:00:00.000Z
Updated: 2024-08-06T15:20:37.202Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1830 vulnerable 2026-06-03 14:32:51.968873 Details available
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
Published: 2013-03-25T21:00:00.000Z
Updated: 2024-08-06T15:13:33.007Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1817 vulnerable 2026-06-03 14:32:51.926817 Details available
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
Published: 2019-11-20T19:32:38.000Z
Updated: 2024-08-06T15:13:32.994Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1816 vulnerable 2026-06-03 14:32:51.926321 Details available
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
Published: 2019-11-20T19:22:30.000Z
Updated: 2024-08-06T15:13:33.186Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1812 vulnerable 2026-06-03 14:32:51.864506 Details available
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Published: 2013-12-12T18:00:00.000Z
Updated: 2024-08-06T15:13:33.201Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1437 vulnerable 2026-06-03 14:32:49.462593 Details available
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
Published: 2020-01-28T14:24:02.000Z
Updated: 2024-08-06T15:04:48.318Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-1416 vulnerable 2026-06-03 14:32:49.372320 Details available
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Published: 2013-04-19T10:00:00.000Z
Updated: 2024-08-06T15:04:48.177Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0348 vulnerable 2026-06-03 14:32:43.124459 Details available
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Published: 2013-12-13T18:00:00.000Z
Updated: 2024-08-06T14:25:09.614Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0294 vulnerable 2026-06-03 14:32:42.724484 Details available
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
Published: 2020-01-28T15:53:24.000Z
Updated: 2024-08-06T14:18:09.615Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0237 vulnerable 2026-06-03 14:32:42.247446 Details available
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Published: 2013-07-08T20:00:00.000Z
Updated: 2024-09-16T22:21:09.232Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0211 vulnerable 2026-06-03 14:32:41.822626 Details available
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
Published: 2013-09-30T20:00:00.000Z
Updated: 2024-08-06T14:18:09.458Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0170 vulnerable 2026-06-03 14:32:41.617172 Details available
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Published: 2013-02-08T20:00:00.000Z
Updated: 2024-08-06T14:18:09.230Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0159 vulnerable 2026-06-03 14:32:35.734385 Details available
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
Published: 2018-05-01T19:00:00.000Z
Updated: 2024-08-06T14:18:09.148Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-6075 vulnerable 2026-06-03 14:32:32.815814 Details available
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Published: 2013-02-13T01:00:00.000Z
Updated: 2024-08-06T21:21:28.811Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5656 vulnerable 2026-06-03 14:32:31.592290 Details available
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Published: 2013-01-18T11:00:00.000Z
Updated: 2024-08-06T21:14:16.440Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5645 vulnerable 2026-06-03 14:32:31.501914 Details available
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption.
Published: 2019-12-30T19:57:08.000Z
Updated: 2024-08-06T21:14:16.253Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5644 vulnerable 2026-06-03 14:32:31.499227 Details available
libuser has information disclosure when moving user's home directory
Published: 2019-11-25T14:28:24.000Z
Updated: 2024-08-06T21:14:16.203Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5630 vulnerable 2026-06-03 14:32:31.372545 Details available
libuser 0.56 and 0.57 have a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
Published: 2019-11-25T13:54:40.000Z
Updated: 2024-08-06T21:14:15.982Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5617 vulnerable 2026-06-03 14:32:31.309908 Details available
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
Published: 2019-11-25T13:42:01.000Z
Updated: 2024-08-06T21:14:15.905Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5535 vulnerable 2026-06-03 14:32:30.848772 Details available
gnome-system-log polkit policy allows arbitrary files on the system to be read
Published: 2019-11-25T13:11:27.000Z
Updated: 2024-08-06T21:05:47.349Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5474 vulnerable 2026-06-03 14:32:30.390474 Details available
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
Published: 2019-12-30T19:36:51.000Z
Updated: 2024-08-06T21:05:47.279Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4528 vulnerable 2026-06-03 14:32:24.308836 Details available
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
Published: 2012-12-28T11:00:00.000Z
Updated: 2024-08-06T20:42:54.963Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4524 vulnerable 2026-06-03 14:32:24.300617 Details available
xlockmore before 5.43 'dclock' security bypass vulnerability
Published: 2019-11-21T14:11:41.000Z
Updated: 2024-08-06T20:42:53.692Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4480 vulnerable 2026-06-03 14:32:19.136779 Details available
mom creates world-writable pid files in /var/run
Published: 2019-12-02T17:44:10.000Z
Updated: 2024-08-06T20:35:09.800Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-3363 vulnerable 2026-06-03 14:31:57.869870 Details available
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Published: 2013-02-13T17:00:00.000Z
Updated: 2025-01-16T20:38:41.614Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-3354 vulnerable 2026-06-03 14:31:57.804586 Details available
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
Published: 2012-11-20T00:00:00.000Z
Updated: 2024-08-06T20:05:11.629Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1115 vulnerable 2026-06-03 14:31:41.426284 Details available
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
Published: 2019-12-05T20:20:25.000Z
Updated: 2024-08-06T18:45:27.466Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1114 vulnerable 2026-06-03 14:31:41.424635 Details available
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php.
Published: 2019-12-05T20:03:52.000Z
Updated: 2024-08-06T18:45:27.370Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-5268 vulnerable 2026-06-03 14:31:28.455338 Details available
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
Published: 2013-12-24T19:00:00.000Z
Updated: 2024-08-07T00:30:46.905Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2002-2443 vulnerable 2026-06-03 14:26:24.199300 Details available
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Published: 2013-05-29T10:00:00.000Z
Updated: 2024-08-08T04:06:54.807Z
Imported from gcve-enriched-dumps CVE data
