Vulnerabilities > Fedoraproject > Fedora > 17
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-05-01 | CVE-2013-0159 | Link Following vulnerability in Fedoraproject Fedora 17/18 | The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | 3.6 |
2016-03-30 | CVE-2015-8837 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. | 6.8 |
2016-03-30 | CVE-2015-8836 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. | 6.8 |
2014-05-05 | CVE-2010-5109 | Numeric Errors vulnerability in multiple products | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | 4.3 |
2014-04-07 | CVE-2012-2095 | Improper Input Validation vulnerability in multiple products | The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | 6.9 |
2014-02-08 | CVE-2013-2191 | Improper Input Validation vulnerability in multiple products | python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | 4.3 |
2013-12-12 | CVE-2013-1812 | Resource Management Errors vulnerability in multiple products | The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | 4.3 |
2013-11-18 | CVE-2013-2032 | Permissions, Privileges, and Access Controls vulnerability in multiple products | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | 5.0 |
2013-09-30 | CVE-2013-0211 | Numeric Errors vulnerability in multiple products | Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | 5.0 |
2013-08-17 | CVE-2013-1888 | Link Following vulnerability in multiple products | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | 2.1 |