Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-12-16 | CVE-2015-7204 | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7203 | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-12-16 | CVE-2015-7202 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Fedora, Firefox, Leap, Opensuse | N/A | ||
| 2015-09-21 | CVE-2015-6938 | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. | Fedora, Notebook, Notebook, Opensuse | N/A | ||
| 2017-08-09 | CVE-2015-6816 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | Fedora, Ganglia\-Web | 9.8 | ||
| 2015-08-24 | CVE-2015-6665 | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. | Ctools, Drupal, Fedora | N/A | ||
| 2016-01-11 | CVE-2015-6566 | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | Fedora, Zarafa_collaboration_platform | 8.4 | ||
| 2015-08-24 | CVE-2015-6524 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | Activemq, Fedora | N/A | ||
| 2017-09-06 | CVE-2015-5705 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | Devscripts, Fedora | 7.5 | ||
| 2017-09-25 | CVE-2015-5704 | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | Devscripts, Fedora | 7.8 |