Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-10-10 | CVE-2013-4345 | Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. | Fedora, Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-12-13 | CVE-2013-0348 | thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. | Thttpd, Fedora, Linux, Sthttpd, Opensuse | N/A | ||
| 2014-02-10 | CVE-2011-4930 | Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. | Condor, Fedora, Enterprise_mrg | N/A | ||
| 2014-04-15 | CVE-2013-6456 | The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container,... | Fedora, Libvirt | N/A | ||
| 2017-07-21 | CVE-2015-5219 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | Ubuntu_linux, Debian_linux, Fedora, Leap, Ntp, Leap, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Tim_4r\-Id_dnp3_firmware, Tim_4r\-Ie_firmware, Linux_enterprise_debuginfo, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud | 7.5 | ||
| 2014-07-03 | CVE-2014-0247 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. | Ubuntu_linux, Fedora, Libreoffice, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2014-07-11 | CVE-2014-3499 | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | Docker, Fedora | N/A | ||
| 2014-07-23 | CVE-2014-3537 | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | Cups, Ubuntu_linux, Fedora | N/A | ||
| 2014-11-24 | CVE-2014-7821 | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | Fedora, Neutron, Openstack | N/A | ||
| 2014-12-12 | CVE-2014-8124 | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. | Fedora, Horizon, Opensuse, Solaris | N/A |