Vulnerabilities > Redhat > Fedora > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-09 | CVE-2018-19139 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products: An issue has been found in JasPer 2.0.14. | 4.3 |
2014-12-06 | CVE-2014-9278 | Improper Authentication vulnerability in Openbsd Openssh: The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | 4.0 |
2011-01-14 | CVE-2010-4695 | Buffer Errors vulnerability in Catb Gif2Png 2.5.1/2.5.2: A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 5.0 |
2009-05-06 | CVE-2009-1573 | Permissions, Privileges, and Access Controls vulnerability in multiple products: xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | 4.6 |
2009-04-27 | CVE-2008-6755 | Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3: ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | 5.0 |
2008-09-29 | CVE-2008-3524 | Link Following vulnerability in Redhat Fedora and Initscripts: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | 4.7 |
2008-07-07 | CVE-2008-2808 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | 4.3 |
2008-04-15 | CVE-2008-1796 | Denial-Of-Service vulnerability in Comix 3.6.4: Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | 4.9 |
2008-03-31 | CVE-2008-1552 | Numeric Errors vulnerability in Silc products: The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. | 6.8 |
2008-03-24 | CVE-2008-0073 | Numeric Errors vulnerability in Xine Xine-Lib 1.1.10.1: Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. | 6.8 |