Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-09 | CVE-2015-2206 | Information Exposure vulnerability in multiple products libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | 5.0 |
| 2015-03-09 | CVE-2015-1464 | Improper Access Control vulnerability in multiple products RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | 6.4 |
| 2015-03-09 | CVE-2015-1165 | Information Exposure vulnerability in multiple products RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | 5.0 |
| 2015-03-09 | CVE-2014-9472 | Resource Management Errors vulnerability in multiple products The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | 7.1 |
| 2015-02-19 | CVE-2014-9679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Cups Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. | 6.8 |
| 2015-02-19 | CVE-2014-9465 | Resource Management Errors vulnerability in multiple products senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | 5.0 |
| 2015-02-17 | CVE-2015-0247 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | 4.6 |
| 2015-02-09 | CVE-2015-1563 | Resource Management Errors vulnerability in multiple products The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | 2.1 |
| 2015-02-08 | CVE-2014-9675 | Permissions, Privileges, and Access Controls vulnerability in multiple products bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. | 5.0 |
| 2015-02-08 | CVE-2014-9674 | Remote vulnerability in FreeType Versions Prior to 2.5.4 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. | 7.5 |