Total
1959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2312 | 3 Fedoraproject, Kde, Opensuse | 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | |||||
CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | |||||
CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||||
CVE-2015-1839 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||||
CVE-2016-4797 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. | |||||
CVE-2015-4645 | 2 Fedoraproject, Squashfs Project | 2 Fedora, Squashfs | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | |||||
CVE-2016-10027 | 2 Fedoraproject, Igniterealtime | 2 Fedora, Smack | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | |||||
CVE-2016-8887 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). | |||||
CVE-2016-8690 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | |||||
CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | |||||
CVE-2016-0724 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | |||||
CVE-2016-4008 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | |||||
CVE-2015-5295 | 4 Fedoraproject, Openstack, Oracle and 1 more | 4 Fedora, Orchestration Api, Solaris and 1 more | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | |||||
CVE-2016-6153 | 3 Fedoraproject, Opensuse, Sqlite | 3 Fedora, Leap, Sqlite | 2023-12-10 | 4.6 MEDIUM | 5.9 MEDIUM |
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | |||||
CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
CVE-2015-8807 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. | |||||
CVE-2016-1926 | 2 Fedoraproject, Greenbone | 3 Fedora, Greenbone Os, Greenbone Security Assistant | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp. | |||||
CVE-2016-2045 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. |