Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2007-10-30 | CVE-2007-1321 | Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual... | Debian_linux, Fedora, Fedora_core, Qemu | N/A | ||
2016-04-26 | CVE-2016-4002 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | Ubuntu_linux, Debian_linux, Fedora, Qemu | 9.8 | ||
2016-02-22 | CVE-2016-0724 | The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | Fedora, Moodle | 4.3 | ||
2016-02-22 | CVE-2016-0725 | Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. | Fedora, Moodle | 6.1 | ||
2014-01-20 | CVE-2014-0010 | Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | Fedora, Moodle | N/A | ||
2013-03-25 | CVE-2013-1830 | user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. | Fedora, Moodle | N/A | ||
2008-01-18 | CVE-2007-6427 | The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Open_enterprise_server, X_server | N/A | ||
2010-07-13 | CVE-2010-2008 | MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | Ubuntu_linux, Fedora, Mysql | N/A | ||
2014-09-30 | CVE-2014-6055 | Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. | Debian_linux, Fedora, Libvncserver, Enterprise_linux_server_aus, Enterprise_linux_server_eus | N/A | ||
2014-09-30 | CVE-2014-6051 | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. | Debian_linux, Fedora, Libvncserver, Solaris, Enterprise_linux_server_aus, Enterprise_linux_server_eus | N/A |