Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-07-18 | CVE-2008-3222 | Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | Drupal, Fedora | N/A | ||
| 2008-07-18 | CVE-2008-3221 | Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. | Drupal, Fedora | N/A | ||
| 2008-07-18 | CVE-2008-3220 | Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | Drupal, Fedora | N/A | ||
| 2008-07-18 | CVE-2008-3219 | The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. | Drupal, Fedora | N/A | ||
| 2021-03-25 | CVE-2021-3443 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | Fedora, Jasper, Enterprise_linux | 5.5 | ||
| 2021-03-19 | CVE-2019-10196 | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | Fedora, Http\-Proxy\-Agent, Enterprise_linux, Software_collections | 9.8 | ||
| 2014-04-30 | CVE-2014-1520 | maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. | Fedora, Firefox, Firefox_esr | N/A | ||
| 2013-08-17 | CVE-2013-1888 | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | Fedora, Pip | N/A | ||
| 2019-12-30 | CVE-2012-5474 | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | Debian_linux, Fedora, Horizon, Openstack | 5.5 | ||
| 2011-03-02 | CVE-2011-0762 | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Linux_enterprise_server, Vsftpd | N/A |