Vulnerabilities > Fedoraproject > Fedora > 12

DATE CVE VULNERABILITY TITLE RISK
2021-02-06 CVE-2020-14312 Unspecified vulnerability in Fedoraproject Fedora
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet.
network
fedoraproject
4.3
2019-11-12 CVE-2010-4177 Cleartext Transmission of Sensitive Information vulnerability in multiple products
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.
local
low complexity
oracle fedoraproject CWE-319
2.1
2019-11-12 CVE-2010-3439 Improper Input Validation vulnerability in multiple products
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
network
low complexity
cor-entertainment debian fedoraproject CWE-20
4.0
2019-11-12 CVE-2010-3438 Use of Externally-Controlled Format String vulnerability in multiple products
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds.
7.5
2019-11-06 CVE-2010-4178 Insufficiently Protected Credentials vulnerability in multiple products
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console
local
low complexity
oracle fedoraproject CWE-522
2.1
2014-01-13 CVE-2010-0746 Path Traversal vulnerability in Fedoraproject Fedora 11/12
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via ..
local
high complexity
fedoraproject CWE-22
6.2
2010-11-05 CVE-2010-3702 Null Pointer Dereference vulnerability in multiple products
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
7.5
2010-11-05 CVE-2010-2941 Use After Free vulnerability in multiple products
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
network
low complexity
apple fedoraproject canonical debian opensuse suse redhat CWE-416
critical
9.8
2010-09-24 CVE-2010-1773 Off-By-One Error vulnerability in multiple products
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
6.8
2010-09-24 CVE-2010-1772 Use After Free vulnerability in multiple products
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
8.8