Fedoraproject: >> Fedora >> 18 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-11-01
php-symfony2-Validator has loss of information during serialization
CVSS Score
8.1
EPSS Score
0.006
Published
2019-11-01
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
CVSS Score
4.3
EPSS Score
0.007
Published
2019-10-31
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
CVSS Score
6.1
EPSS Score
0.014
Published
2019-10-31
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
CVSS Score
4.7
EPSS Score
0.0
Published
2019-04-24
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVSS Score
9.8
EPSS Score
0.173
Published
2019-04-22
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
CVSS Score
7.1
EPSS Score
0.0
Published
2018-05-01
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.
CVSS Score
5.0
EPSS Score
0.018
Published
2014-07-03
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
CVSS Score
4.3
EPSS Score
0.92
Published
2014-06-05
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
CVSS Score
4.3
EPSS Score
0.821
Published
2014-06-05