Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-22 | CVE-2015-5258 | Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | Fedora, Spring_social | 8.8 | ||
| 2021-02-23 | CVE-2021-20229 | A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | Fedora, Postgresql, Enterprise_linux, Software_collections | 4.3 | ||
| 2021-05-26 | CVE-2021-30469 | A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | Fedora, Podofo, Enterprise_linux | 5.5 | ||
| 2021-05-26 | CVE-2021-30470 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | Fedora, Podofo, Enterprise_linux | 5.5 | ||
| 2021-05-26 | CVE-2021-30471 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | Fedora, Podofo, Enterprise_linux | 5.5 | ||
| 2021-05-27 | CVE-2021-30500 | Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. | Fedora, Enterprise_linux, Upx | 7.8 | ||
| 2021-05-26 | CVE-2021-20297 | A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | Fedora, Networkmanager, Enterprise_linux, Openshift_container_platform | 5.5 | ||
| 2019-11-25 | CVE-2012-5617 | gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | Fedora, Gksu\-Polkit | 7.8 | ||
| 2019-12-31 | CVE-2013-4161 | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | Fedora, Gksu\-Polkit | 7.8 | ||
| 2008-07-18 | CVE-2008-3218 | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. | Drupal, Fedora | N/A |