Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-08-12 | CVE-2015-2059 | The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. | Fedora, Libidn, Opensuse | N/A | ||
2015-03-12 | CVE-2015-2045 | The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | Debian_linux, Fedora, Xen | N/A | ||
2015-05-18 | CVE-2015-1868 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | Fedora, Authoritative, Recursor | N/A | ||
2015-07-26 | CVE-2015-1840 | jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value. | Fedora, Opensuse, Jquery-Rails, Jquery-Ujs | N/A | ||
2017-04-13 | CVE-2015-1839 | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | Fedora, Salt | 5.3 | ||
2017-04-13 | CVE-2015-1838 | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | Fedora, Salt | 5.3 | ||
2017-08-11 | CVE-2015-1783 | The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | Lasso, Fedora | 7.5 | ||
2015-03-30 | CVE-2015-1609 | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | Fedora, Mongodb | N/A | ||
2015-02-09 | CVE-2015-1563 | The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged. | Fedora, Xen | N/A | ||
2015-03-09 | CVE-2015-1464 | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | Request_tracker, Fedora | N/A |