Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-07-13 | CVE-2015-8808 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | Fedora, Graphicsmagick, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
| 2016-04-13 | CVE-2015-8807 | Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. | Debian_linux, Fedora, Horde_groupware | 6.1 | ||
| 2016-04-19 | CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.8 | ||
| 2016-04-19 | CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.8 | ||
| 2016-04-19 | CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | Ubuntu_linux, Debian_linux, Fedora, Glibc, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server | 9.1 | ||
| 2016-01-13 | CVE-2015-8466 | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | Fedora, Swift3 | 7.4 | ||
| 2016-01-12 | CVE-2015-8400 | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | Fedora, Shellinabox | 7.4 | ||
| 2015-12-02 | CVE-2015-8380 | The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Perl_compatible_regular_expression_library | N/A | ||
| 2016-04-18 | CVE-2015-8106 | Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | Fedora, Latex2rtf | 7.8 | ||
| 2017-12-29 | CVE-2015-8008 | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | Fedora, Mediawiki | 7.5 |