Vulnerabilities > Redhat > Fedora

DATE CVE VULNERABILITY TITLE RISK
2018-11-09 CVE-2018-19139 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue has been found in JasPer 2.0.14.
4.3
2014-12-06 CVE-2014-9278 Improper Authentication vulnerability in Openbsd Openssh
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
network
low complexity
openbsd redhat CWE-287
4.0
2011-01-14 CVE-2010-4695 Buffer Errors vulnerability in Catb Gif2Png 2.5.1/2.5.2
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
network
low complexity
catb debian redhat CWE-119
5.0
2009-05-06 CVE-2009-1573 Permissions, Privileges, and Access Controls vulnerability in multiple products
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
4.6
2009-04-27 CVE-2008-6755 Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
network
low complexity
zoneminder redhat CWE-264
5.0
2009-01-20 CVE-2009-0180 Permissions, Privileges, and Access Controls vulnerability in NFS Nfs-Utils
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.
network
low complexity
nfs redhat CWE-264
7.5
2008-09-29 CVE-2008-3524 Link Following vulnerability in Redhat Fedora and Initscripts
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.
local
redhat CWE-59
4.7
2008-07-21 CVE-2008-3252 Buffer Errors vulnerability in Fedora Newsx 1.6
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
network
low complexity
redhat fedora CWE-119
critical
10.0
2008-07-07 CVE-2008-2808 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
4.3
2008-04-15 CVE-2008-1796 Denial-Of-Service vulnerability in Comix 3.6.4
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service.
local
low complexity
redhat comix
4.9