Vulnerabilities > Fedoraproject > Fedora > 15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2012-1157 | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.3 |
| 2019-11-14 | CVE-2012-1168 | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 8.2 |
| 2019-11-14 | CVE-2012-1156 | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 7.5 |
| 2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 7.5 |
| 2019-11-07 | CVE-2012-0049 | Resource Exhaustion vulnerability in multiple products OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | 4.3 |
| 2011-11-17 | CVE-2011-4107 | XXE vulnerability in multiple products The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | 6.5 |
| 2011-07-21 | CVE-2011-2520 | Deserialization of Untrusted Data vulnerability in multiple products fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | 7.8 |
| 2011-06-24 | CVE-2011-1770 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. | 7.5 |
| 2011-06-21 | CVE-2011-1755 | XML Entity Expansion vulnerability in multiple products jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |