Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-21 | CVE-2016-0721 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | Pcs, Fedora, Enterprise_linux | 8.1 | ||
| 2017-06-13 | CVE-2016-3696 | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | Fedora, Pulp | 5.5 | ||
| 2017-06-13 | CVE-2016-3704 | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | Fedora, Pulp | 7.5 | ||
| 2017-06-13 | CVE-2016-5391 | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | Fedora, Libreswan | 7.5 | ||
| 2017-06-27 | CVE-2016-6342 | elog 3.1.1 allows remote attackers to post data as any username in the logbook. | Elog, Fedora | 7.5 | ||
| 2017-07-21 | CVE-2015-5194 | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | Ubuntu_linux, Debian_linux, Fedora, Ntp, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud | 7.5 | ||
| 2017-07-21 | CVE-2015-5195 | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | Ubuntu_linux, Debian_linux, Fedora, Ntp, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2017-08-09 | CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | Debian_linux, Fedora, Ntp, Suse_linux_enterprise_server, Suse_linux_enterprise_desktop, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_from_rhui_6, Enterprise_linux_workstation, Suse_linux_enterprise_server | 7.5 | ||
| 2017-09-19 | CVE-2015-1854 | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | Debian_linux, 389_directory_server, Fedora | 7.5 | ||
| 2018-04-03 | CVE-2018-1098 | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. | Fedora, Etcd | 8.8 |