Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-07-29 | CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | Fedora, Freebsd, Hp\-Ux, Bind, Dnsco_bind, Business_server, Enterprise_server, Suse_linux, Opensuse, Enterprise_linux, Slackware_linux, Suse_linux_enterprise_software_development_kit | N/A | ||
| 2013-12-24 | CVE-2013-4550 | Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. | Bip, Fedora | N/A | ||
| 2013-08-06 | CVE-2013-4124 | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | Ubuntu_linux, Fedora, Opensuse, Enterprise_linux, Samba | N/A | ||
| 2013-10-09 | CVE-2013-2207 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | Fedora, Glibc | N/A | ||
| 2014-02-07 | CVE-2013-2191 | python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | Fedora, Opensuse, Python\-Bugzilla | N/A | ||
| 2014-01-16 | CVE-2013-2139 | Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. | Libsrtp, Fedora, Opensuse | N/A | ||
| 2013-06-15 | CVE-2013-2064 | Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Secure_global_desktop, Libxcb | N/A | ||
| 2013-11-18 | CVE-2013-2032 | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | Fedora, Linux, Mediawiki | N/A | ||
| 2013-12-12 | CVE-2013-1812 | The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | Fedora, Ruby\-Openid | N/A | ||
| 2013-07-08 | CVE-2013-0237 | Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | Fedora, Plupload, Wordpress | N/A |