Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2015-0296 | Permissions, Privileges, and Access Controls vulnerability in TUG Texlive 3.1.20140525R34255.Fc21/6.20131226R32488.Fc20 The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | 1.2 |
| 2017-10-03 | CVE-2017-13704 | Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. | 7.5 |
| 2017-09-26 | CVE-2015-5070 | Information Exposure vulnerability in multiple products The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 3.5 |
| 2017-09-26 | CVE-2015-5069 | Information Exposure vulnerability in multiple products The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 4.0 |
| 2017-09-25 | CVE-2015-5704 | Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | 7.2 |
| 2017-09-21 | CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. | 7.5 |
| 2017-09-20 | CVE-2015-5607 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery in the REST API in IPython 2 and 3. | 6.8 |
| 2017-09-19 | CVE-2015-3420 | Improper Certificate Validation vulnerability in multiple products The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 4.3 |
| 2017-09-19 | CVE-2015-1854 | Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 7.5 |
| 2017-09-13 | CVE-2017-11462 | Double Free vulnerability in multiple products Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | 9.8 |