Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-03-14 | CVE-2013-6474 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | 6.8 |
| 2014-02-08 | CVE-2013-2191 | Improper Input Validation vulnerability in multiple products python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | 4.3 |
| 2014-02-06 | CVE-2014-1491 | Inadequate Encryption Strength vulnerability in Mozilla products Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. | 4.3 |
| 2014-01-20 | CVE-2014-0010 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | 6.8 |
| 2014-01-13 | CVE-2010-0746 | Path Traversal vulnerability in Fedoraproject Fedora 11/12 Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. | 6.2 |
| 2013-12-24 | CVE-2011-5268 | Cryptographic Issues vulnerability in multiple products connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. | 4.3 |
| 2013-12-24 | CVE-2013-4550 | Cryptographic Issues vulnerability in multiple products Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. | 5.1 |
| 2013-12-23 | CVE-2013-6890 | Improper Authentication vulnerability in multiple products denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | 5.0 |
| 2013-12-12 | CVE-2013-1812 | Resource Management Errors vulnerability in multiple products The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | 4.3 |
| 2013-12-11 | CVE-2013-6673 | Cryptographic Issues vulnerability in multiple products Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | 4.3 |