Vulnerabilities > Fedoraproject
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-03-24 | CVE-2015-2155 | Denial of Service vulnerability in tcpdump | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 7.5 |
2015-03-18 | CVE-2015-2152 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | 1.9 |
2015-03-12 | CVE-2015-2151 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. | 7.2 |
2015-03-12 | CVE-2015-2045 | Information Exposure vulnerability in multiple products | The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | 2.1 |
2015-03-09 | CVE-2015-2206 | Information Exposure vulnerability in multiple products | libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | 5.0 |
2015-03-09 | CVE-2015-1464 | Improper Access Control vulnerability in multiple products | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | 6.4 |
2015-03-09 | CVE-2015-1165 | Information Exposure vulnerability in multiple products | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | 5.0 |
2015-03-09 | CVE-2014-9472 | Resource Management Errors vulnerability in multiple products | The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | 7.1 |
2015-02-19 | CVE-2014-9679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Cups | Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. | 6.8 |
2015-02-19 | CVE-2014-9465 | Resource Management Errors vulnerability in multiple products | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | 5.0 |