The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
|79962||GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011||Nessus||Gentoo Local Security Checks|
|57308||Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)||Nessus||Fedora Local Security Checks|
|57141||Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)||Nessus||Fedora Local Security Checks|