Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-30 | CVE-2014-1526 | Improper Privilege Management vulnerability in multiple products The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects. | 6.8 |
| 2014-04-30 | CVE-2014-1523 | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. | 4.3 |
| 2014-04-30 | CVE-2014-1520 | Improper Privilege Management vulnerability in multiple products maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. | 6.9 |
| 2014-04-23 | CVE-2014-2328 | Remote Command Execution vulnerability in Cacti lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | 6.5 |
| 2014-04-14 | CVE-2010-5298 | Race Condition vulnerability in multiple products Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | 4.0 |
| 2014-04-07 | CVE-2012-2095 | Improper Input Validation vulnerability in multiple products The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | 6.9 |
| 2014-04-01 | CVE-2014-2678 | Null Pointer Dereference vulnerability in multiple products The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | 4.7 |
| 2014-03-27 | CVE-2014-2326 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-03-14 | CVE-2013-6476 | Permissions, Privileges, and Access Controls vulnerability in multiple products The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | 4.4 |
| 2014-03-14 | CVE-2013-6475 | Numeric Errors vulnerability in multiple products Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. | 6.8 |