Fedoraproject: >> Fedora Security Vulnerabilities
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVSS Score
4.7
EPSS Score
0.001
Published
2014-04-01
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.013
Published
2014-03-27
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVSS Score
6.8
EPSS Score
0.208
Published
2014-03-14
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
CVSS Score
6.8
EPSS Score
0.207
Published
2014-03-14
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
CVSS Score
4.4
EPSS Score
0.003
Published
2014-03-14
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
CVSS Score
4.4
EPSS Score
0.001
Published
2014-02-10
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-02-08
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
CVSS Score
7.5
EPSS Score
0.006
Published
2014-02-06
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
CVSS Score
9.3
EPSS Score
0.016
Published
2014-02-06
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-02-06