Vulnerabilities > Fedoraproject > Fedora > 15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2012-1157 | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.0 |
| 2019-11-14 | CVE-2012-1168 | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 6.4 |
| 2019-11-14 | CVE-2012-1156 | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 5.0 |
| 2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 5.0 |
| 2019-11-07 | CVE-2012-0049 | Resource Exhaustion vulnerability in multiple products OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | 4.0 |
| 2014-04-07 | CVE-2012-2095 | Improper Input Validation vulnerability in multiple products The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | 6.9 |
| 2012-04-17 | CVE-2012-2089 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | 6.8 |
| 2012-04-17 | CVE-2012-1180 | Use After Free vulnerability in multiple products Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 5.0 |
| 2011-12-25 | CVE-2011-4862 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. network low complexity gnu heimdal-project mit freebsd fedoraproject debian opensuse suse CWE-120 critical | 10.0 |
| 2011-11-17 | CVE-2011-4107 | XXE vulnerability in multiple products The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | 6.5 |