Fedora - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Fedora
(Fedoraproject)

Repositories

• https://github.com/torvalds/linux
• https://github.com/phpmyadmin/phpmyadmin
• https://github.com/krb5/krb5
• https://github.com/mdadams/jasper
• https://github.com/uclouvain/openjpeg

• https://github.com/golang/go
• https://github.com/FasterXML/jackson-databind
• https://github.com/ntp-project/ntp
• https://github.com/apache/httpd
• https://github.com/dbry/WavPack
• https://github.com/json-c/json-c
• https://github.com/jquery/jquery-ui
• https://github.com/ClusterLabs/pcs
• https://github.com/newsoft/libvncserver
• https://github.com/horde/horde
• https://github.com/ipython/ipython
• https://github.com/wesnoth/wesnoth
• https://github.com/saltstack/salt
• git://git.openssl.org/openssl.git
•
• https://github.com/haproxy/haproxy
• https://github.com/pyca/cryptography
• https://github.com/dajobe/raptor
• https://github.com/opencontainers/runc
• https://github.com/openstack/swift
• https://github.com/openssh/openssh-portable
• https://github.com/collectd/collectd
• https://github.com/mongodb/mongo
• https://github.com/ADOdb/ADOdb
• https://github.com/igniterealtime/Smack
• https://github.com/SELinuxProject/selinux
• https://github.com/dlitz/pycrypto
• https://github.com/teeworlds/teeworlds
• https://github.com/karelzak/util-linux
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/cyrusimap/cyrus-imapd
• https://github.com/ceph/ceph
• https://github.com/lepture/mistune
• https://github.com/MariaDB/server
• https://github.com/golang/net
• https://github.com/FreeRDP/FreeRDP
• https://github.com/sleuthkit/sleuthkit
• https://github.com/Perl/perl5
• https://github.com/python/cpython
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/libuv/libuv
• https://github.com/mysql/mysql-server
• https://github.com/libgd/libgd
• https://github.com/SpiderLabs/ModSecurity
• https://github.com/fish-shell/fish-shell
• https://github.com/php/php-src
• https://github.com/quassel/quassel
• https://github.com/ocaml/ocaml
• https://github.com/LibRaw/LibRaw
• https://github.com/sddm/sddm
• https://github.com/axkibe/lsyncd
• https://github.com/visionmedia/send
• https://github.com/rawstudio/rawstudio
• https://github.com/cherokee/webserver
• https://github.com/numpy/numpy
• https://github.com/rjbs/Email-Address
• https://github.com/openid/ruby-openid
• https://github.com/moxiecode/plupload
• https://github.com/libarchive/libarchive

#Vulnerabilities

5329

Date	Id	Summary	Products	Score	Patch	Annotated
2015-02-03	CVE-2014-9328	ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."	Clamav, Fedora	N/A
2014-12-09	CVE-2014-9274	UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".	Debian_linux, Fedora, Mageia, Unrtf	N/A
2014-12-03	CVE-2014-9220	SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.	Fedora, Opensuse, Openvas_manager	N/A
2014-11-26	CVE-2014-9093	LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.	Ubuntu_linux, Debian_linux, Fedora, Libreoffice	N/A
2017-10-10	CVE-2014-9092	libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.	Ubuntu_linux, Fedora, Libjpeg\-Turbo	6.5
2014-12-05	CVE-2014-8990	default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.	Debian_linux, Fedora, Lsyncd	N/A
2015-02-01	CVE-2014-8630	Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.	Fedora, Bugzilla	N/A
2014-12-10	CVE-2014-8488	Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.	Fedora, Yourls	N/A
2014-12-28	CVE-2014-8132	Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.	Ubuntu_linux, Debian_linux, Fedora, Libssh, Opensuse	N/A
2017-12-29	CVE-2014-8119	The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.	Fedora, Netcf, Enterprise_linux	7.5