Total
2132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1526 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox Esr and 2 more | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | |||||
CVE-2016-1234 | 3 Fedoraproject, Gnu, Opensuse | 4 Fedora, Glibc, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | |||||
CVE-2016-5384 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | |||||
CVE-2016-3075 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Glibc and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |||||
CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
CVE-2015-8868 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. | |||||
CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 6 Fedora, Go, Linux and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |||||
CVE-2016-4021 | 2 Fedoraproject, Pgpdump Project | 2 Fedora, Pgpdump | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. | |||||
CVE-2016-6855 | 4 Canonical, Fedoraproject, Gnome and 1 more | 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | |||||
CVE-2015-7827 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |||||
CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-1232 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. | |||||
CVE-2016-2041 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | |||||
CVE-2016-5244 | 4 Fedoraproject, Linux, Redhat and 1 more | 11 Fedora, Linux Kernel, Enterprise Linux and 8 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. | |||||
CVE-2016-3674 | 3 Debian, Fedoraproject, Xstream Project | 3 Debian Linux, Fedora, Xstream | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. | |||||
CVE-2015-8540 | 4 Debian, Fedoraproject, Libpng and 1 more | 7 Debian Linux, Fedora, Libpng and 4 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. | |||||
CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |||||
CVE-2015-8853 | 2 Fedoraproject, Perl | 2 Fedora, Perl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." | |||||
CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. |