Total
2132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5194 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | |||||
CVE-2017-13747 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2015-5258 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Social | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | |||||
CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | |||||
CVE-2015-5705 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | |||||
CVE-2017-13749 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2015-8008 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | |||||
CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | |||||
CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2016-1247 | 4 Canonical, Debian, F5 and 1 more | 4 Ubuntu Linux, Debian Linux, Nginx and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | |||||
CVE-2016-7969 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | |||||
CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |||||
CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | |||||
CVE-2016-7545 | 3 Fedoraproject, Redhat, Selinux Project | 7 Fedora, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||||
CVE-2016-9956 | 3 Debian, Fedoraproject, Flightgear | 3 Debian Linux, Fedora, Flightgear | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | |||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | |||||
CVE-2016-7543 | 2 Fedoraproject, Gnu | 2 Fedora, Bash | 2023-12-10 | 7.2 HIGH | 8.4 HIGH |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||||
CVE-2016-7945 | 2 Fedoraproject, X.org | 2 Fedora, Libxi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. |