Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-06-22 | CVE-2010-1637 | The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | Mac_os_x, Mac_os_x_server, Fedora, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Squirrelmail | 6.5 | ||
| 2008-08-29 | CVE-2008-3282 | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | Openoffice, Fedora | 7.8 | ||
| 2018-01-09 | CVE-2017-15129 | A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege... | Ubuntu_linux, Fedora, Linux_kernel, Enterprise_linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation | 4.7 | ||
| 2010-03-05 | CVE-2010-0302 | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this... | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Fedora, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2010-03-15 | CVE-2010-0050 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | Iphone_os, Safari, Ubuntu_linux, Fedora, Opensuse | 8.8 | ||
| 2008-05-05 | CVE-2008-0599 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | Mac_os_x, Mac_os_x_server, Ubuntu_linux, Fedora, Php | 9.8 | ||
| 2008-11-13 | CVE-2008-5021 | nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Seamonkey, Thunderbird, Linux_desktop, Open_enterprise_server, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2008-06-06 | CVE-2008-2575 | cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | Fedora, Cbrpager | N/A | ||
| 2008-08-27 | CVE-2008-3281 | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | Iphone_os, Safari, Ubuntu_linux, Debian_linux, Fedora, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Esx, Libxml2 | 6.5 | ||
| 2009-06-08 | CVE-2009-1955 | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | Apr\-Util, Http_server, Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Http_server, Linux_enterprise_server | 7.5 |