Fedoraproject Security Vulnerabilities
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protecti...
7.3AI Score
0.001EPSS
A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.
7.8CVSS
7.3AI Score
0.0004EPSS
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pa...
7AI Score
0.005EPSS
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
7.9AI Score
0.024EPSS
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
6.3AI Score
0.0004EPSS
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
7.4CVSS
7.2AI Score
0.026EPSS
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
6.5AI Score
0.0004EPSS
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
6.6AI Score
0.002EPSS
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
6.2AI Score
0.002EPSS
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
6.1AI Score
0.006EPSS
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML extern...
9.1CVSS
9AI Score
0.217EPSS
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
8.8CVSS
8.5AI Score
0.002EPSS
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
6.2AI Score
0.0004EPSS
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
9.8CVSS
9.4AI Score
0.05EPSS
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
7.8AI Score
0.268EPSS
7.5CVSS
7.4AI Score
0.026EPSS
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.
6.1AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) V...
6.1CVSS
6AI Score
0.003EPSS
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
6AI Score
0.0004EPSS
7.8CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.4AI Score
0.005EPSS
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
6.6AI Score
0.013EPSS
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
5.5CVSS
5.5AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.002EPSS
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
7.8CVSS
7.6AI Score
0.0004EPSS
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
6.3CVSS
5.7AI Score
0.0004EPSS
5.5CVSS
5.6AI Score
0.0004EPSS
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.
7.5CVSS
7.2AI Score
0.02EPSS
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
5.5CVSS
5.3AI Score
0.001EPSS
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
7.8AI Score
0.02EPSS
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
8AI Score
0.071EPSS
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
5.5CVSS
5.4AI Score
0.0004EPSS
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
7.1CVSS
6.8AI Score
0.0004EPSS
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...
7.5AI Score
0.018EPSS
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion ...
7.7AI Score
0.006EPSS
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
6.1AI Score
0.0004EPSS
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of servi...
6.3AI Score
0.049EPSS
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
5.5AI Score
0.002EPSS
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
6AI Score
0.002EPSS
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
5.9CVSS
4.5AI Score
0.007EPSS
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
6.3AI Score
0.034EPSS
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
9.2AI Score
0.006EPSS
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
6AI Score
0.0004EPSS
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash...
5.9AI Score
0.956EPSS
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
9.8CVSS
9.6AI Score
0.007EPSS
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
6.5AI Score
0.009EPSS
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
7.5CVSS
7.3AI Score
0.012EPSS
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
7.5CVSS
7.3AI Score
0.01EPSS
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
5.5CVSS
5.3AI Score
0.0004EPSS