Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2014-04-18 CVE-2014-2286 Improper Input Validation vulnerability in multiple products
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
network
low complexity
digium fedoraproject CWE-20
7.5
2014-04-14 CVE-2010-5298 Race Condition vulnerability in multiple products
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
network
high complexity
openssl mariadb fedoraproject suse CWE-362
4.0
2014-04-07 CVE-2014-0160 Out-of-bounds Read vulnerability in multiple products
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
7.5
2014-04-07 CVE-2012-2095 Improper Input Validation vulnerability in multiple products
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
6.9
2014-04-01 CVE-2014-2678 Null Pointer Dereference vulnerability in multiple products
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
4.7
2014-03-27 CVE-2014-2326 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2014-03-14 CVE-2013-6476 Permissions, Privileges, and Access Controls vulnerability in multiple products
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
4.4
2014-03-14 CVE-2013-6475 Numeric Errors vulnerability in multiple products
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
6.8
2014-03-14 CVE-2013-6474 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
6.8
2014-02-08 CVE-2013-2191 Improper Input Validation vulnerability in multiple products
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
4.3