Fedora : Security Vulnerabilities, CVEs,
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types.
Max CVSS
4.3
EPSS Score
0.41%
Published
2015-05-14
Updated
2016-12-31
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
Max CVSS
6.8
EPSS Score
2.58%
Published
2015-05-14
Updated
2023-02-12
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
Max CVSS
7.8
EPSS Score
10.89%
Published
2008-08-29
Updated
2017-09-29
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
Max CVSS
10.0
EPSS Score
29.91%
Published
2008-07-21
Updated
2017-08-08
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
Max CVSS
7.1
EPSS Score
10.64%
Published
2008-08-29
Updated
2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
Max CVSS
4.3
EPSS Score
0.32%
Published
2008-08-29
Updated
2017-09-29
6 vulnerabilities found