Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-06 | CVE-2010-4178 | MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | Fedora, Mysql\-Gui\-Tools | N/A | ||
2019-10-31 | CVE-2013-1930 | MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | Fedora, Mantisbt | N/A | ||
2019-10-31 | CVE-2013-1931 | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | Fedora, Mantisbt | N/A | ||
2019-11-04 | CVE-2015-8980 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | Fedora, Leap, Php\-Gettext, Enterprise_linux | N/A | ||
2019-11-01 | CVE-2013-4751 | php-symfony2-Validator has loss of information during serialization | Fedora, Enterprise_linux, Symfony | N/A | ||
2017-03-17 | CVE-2015-4645 | Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | Fedora, Squashfs | N/A | ||
2018-06-18 | CVE-2018-1090 | In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. | Fedora, Pulp, Satellite | 7.5 | ||
2016-06-10 | CVE-2016-3720 | XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | Jackson\-Dataformat\-Xml, Fedora | N/A | ||
2017-09-21 | CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. | Fedora, Pure\-Ftpd | 9.8 | ||
2018-02-09 | CVE-2014-3219 | fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | Fedora, Fish | 7.8 |