Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2013-1895 | The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | Fedora, Py\-Bcrypt | N/A | ||
| 2020-01-28 | CVE-2013-1437 | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | Fedora, Module\-Metadata | N/A | ||
| 2020-01-28 | CVE-2013-0294 | packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | Fedora, Pyrad | N/A | ||
| 2020-01-28 | CVE-2014-2581 | Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | Fedora, Smb4k | N/A | ||
| 2019-12-31 | CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | Ubuntu_linux, Debian_linux, Eglibc, Fedora, Suse_linux_enterprise_server | N/A | ||
| 2020-01-03 | CVE-2012-4451 | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | Fedora, Enterprise_linux, Zend_framework | N/A | ||
| 2019-11-18 | CVE-2014-5118 | Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | Fedora, Enterprise_linux, Trusted_boot | N/A | ||
| 2020-01-02 | CVE-2013-4752 | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | Fedora, Symfony | N/A | ||
| 2019-12-30 | CVE-2012-5645 | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. | Fedora, Freeciv | N/A | ||
| 2015-05-18 | CVE-2015-3455 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | Fedora, Linux, Solaris, Squid | N/A |