
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2025 — Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23). • https://github.com/fcrepo-exts/migration-utils • CWE-1392: Use of Default Credentials •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2025 — Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23). • https://github.com/fcrepo-exts/migration-utils • CWE-23: Relative Path Traversal •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2024 — lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as ``, `` and `

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 4

08 May 2024 — Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user-controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemon operate ... • https://github.com/xct/CVE-2024-27460 • CWE-20: Improper Input Validation •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 May 2024 — Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration over... • https://www.openwall.com/lists/oss-security/2024/03/04/2 • CWE-20: Improper Input Validation •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 May 2024 — No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned b... • https://www.openwall.com/lists/oss-security/2024/03/04/2 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 May 2015 — The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.8 • EPSS: 1% • CPEs: 9 • EXPL: 1

13 May 2015 — The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

22 Feb 2013 — A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. • http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa • CWE-20: Improper Input Validation •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Oct 2012 — scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •