Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-12 | CVE-2010-3438 | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. | Debian_linux, Fedora, Libpoe\-Component\-Irc\-Perl | N/A | ||
2019-11-08 | CVE-2013-1820 | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | Fedora, Tuned | N/A | ||
2019-11-05 | CVE-2013-5123 | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv | N/A | ||
2019-11-07 | CVE-2012-0049 | OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | Debian_linux, Fedora, Openttd | N/A | ||
2019-11-04 | CVE-2013-4409 | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | Fedora, Enterprise_linux, Djblets, Review_board | N/A | ||
2019-11-04 | CVE-2013-4251 | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | Debian_linux, Fedora, Enterprise_linux, Scipy | N/A | ||
2019-11-06 | CVE-2010-4178 | MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | Fedora, Mysql\-Gui\-Tools | N/A | ||
2019-10-31 | CVE-2013-1930 | MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | Fedora, Mantisbt | N/A | ||
2019-10-31 | CVE-2013-1931 | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | Fedora, Mantisbt | N/A | ||
2019-11-04 | CVE-2015-8980 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | Fedora, Leap, Php\-Gettext, Enterprise_linux | N/A |