Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-04-24 | CVE-2015-3148 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Curl, Libcurl, System_management_homepage, Opensuse | N/A | ||
| 2016-04-13 | CVE-2015-3146 | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | Ubuntu_linux, Debian_linux, Fedora, Libssh | 7.5 | ||
| 2015-04-24 | CVE-2015-3145 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Curl, Libcurl, System_management_homepage, Opensuse, Solaris | N/A | ||
| 2015-04-08 | CVE-2015-2782 | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | Arj_archiver, Debian_linux, Fedora | N/A | ||
| 2015-04-01 | CVE-2015-2756 | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | Ubuntu_linux, Debian_linux, Fedora, Xen | N/A | ||
| 2015-04-01 | CVE-2015-2752 | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | Fedora, Xen | N/A | ||
| 2015-04-01 | CVE-2015-2751 | Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | Fedora, Xen | N/A | ||
| 2015-06-17 | CVE-2015-2665 | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Cacti, Fedora | N/A | ||
| 2015-03-25 | CVE-2015-2317 | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. | Ubuntu_linux, Debian_linux, Django, Fedora, Opensuse, Solaris | N/A | ||
| 2015-03-25 | CVE-2015-2316 | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. | Ubuntu_linux, Django, Fedora, Opensuse, Solaris | N/A |