Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-05-12 | CVE-2015-3451 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Xml-Libxml | N/A | ||
2019-11-25 | CVE-2019-14891 | A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on a cri-o host. | Fedora, Cri-O, Openshift_container_platform | N/A | ||
2020-02-19 | CVE-2015-7747 | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | Audio_file_library, Ubuntu_linux, Fedora | N/A | ||
2020-02-20 | CVE-2015-4411 | The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | Fedora, Bson | N/A | ||
2020-02-20 | CVE-2015-4410 | The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. | Fedora, Moped | N/A | ||
2020-02-17 | CVE-2014-8089 | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | Fedora, Enterprise_linux, Zend_framework | N/A | ||
2020-02-06 | CVE-2016-1544 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | Fedora, Nghttp2 | N/A | ||
2020-02-06 | CVE-2013-4572 | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | Fedora, Mediawiki | N/A | ||
2020-02-05 | CVE-2010-5304 | A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. | Fedora, Libvncserver | N/A | ||
2020-01-31 | CVE-2011-4088 | ABRT might allow attackers to obtain sensitive information from crash reports. | Abrt, Fedora, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A |