Vulnerabilities > Fedoraproject > Fedora > 21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-25 | CVE-2015-5704 | Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | 7.8 |
| 2017-09-20 | CVE-2015-5607 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery in the REST API in IPython 2 and 3. | 8.8 |
| 2017-09-19 | CVE-2015-3420 | Improper Certificate Validation vulnerability in multiple products The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 5.9 |
| 2017-09-06 | CVE-2015-5705 | Link Following vulnerability in multiple products Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | 7.5 |
| 2017-08-25 | CVE-2015-1395 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. | 7.5 |
| 2017-08-25 | CVE-2014-9637 | Resource Management Errors vulnerability in multiple products GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | 5.5 |
| 2017-08-24 | CVE-2015-5146 | Improper Input Validation vulnerability in multiple products ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | 5.3 |
| 2017-08-11 | CVE-2015-1783 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | 7.5 |
| 2017-08-09 | CVE-2015-6816 | Improper Authentication vulnerability in multiple products ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | 9.8 |
| 2017-08-09 | CVE-2015-3405 | Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | 7.5 |