Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-09 | CVE-2015-6816 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | Fedora, Ganglia\-Web | 9.8 | ||
| 2015-08-24 | CVE-2015-6665 | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. | Ctools, Drupal, Fedora | N/A | ||
| 2016-01-11 | CVE-2015-6566 | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | Fedora, Zarafa_collaboration_platform | 8.4 | ||
| 2015-08-24 | CVE-2015-6524 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | Activemq, Fedora | N/A | ||
| 2017-09-06 | CVE-2015-5705 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | Devscripts, Fedora | 7.5 | ||
| 2017-09-25 | CVE-2015-5704 | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | Devscripts, Fedora | 7.8 | ||
| 2017-09-20 | CVE-2015-5607 | Cross-site request forgery in the REST API in IPython 2 and 3. | Fedora, Ipython | 8.8 | ||
| 2015-09-28 | CVE-2015-5400 | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | Debian_linux, Fedora, Squid | N/A | ||
| 2017-07-21 | CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | Ubuntu_linux, Debian_linux, Fedora, Ntp, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud, Suse_linux_enterprise_server | 7.5 | ||
| 2015-10-09 | CVE-2015-5235 | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | Fedora, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Icedtea | N/A |