Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 3387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6665 3 Chaos Tool Suite Project, Drupal, Fedoraproject 3 Ctools, Drupal, Fedora 2016-12-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
CVE-2014-9274 4 Debian, Fedoraproject, Mageia Project and 1 more 4 Debian Linux, Fedora, Mageia and 1 more 2016-12-22 7.5 HIGH N/A
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
CVE-2016-7952 2 Fedoraproject, X.org 2 Fedora, Libxtst 2016-12-15 5.0 MEDIUM 7.5 HIGH
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
CVE-2015-6524 2 Apache, Fedoraproject 2 Activemq, Fedora 2016-12-09 5.0 MEDIUM N/A
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
CVE-2016-1901 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 7.5 HIGH 9.8 CRITICAL
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
CVE-2016-1899 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 4.3 MEDIUM 3.7 LOW
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
CVE-2016-1900 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 4.3 MEDIUM 3.7 LOW
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
CVE-2015-5292 1 Fedoraproject 1 Sssd 2016-12-07 6.8 MEDIUM N/A
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
CVE-2015-1462 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVE-2015-1463 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 5.0 MEDIUM N/A
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVE-2015-1461 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
CVE-2016-3960 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2016-12-03 7.2 HIGH 8.8 HIGH
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2016-3158 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2016-12-03 1.7 LOW 3.8 LOW
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2016-3144 2 Fedoraproject, Fourkitchens 2 Fedora, Block Class 2016-12-03 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVE-2014-9093 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-12-03 7.5 HIGH N/A
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2015-8466 2 Fedoraproject, Openstack 2 Fedora, Swift3 2016-12-01 5.8 MEDIUM 7.4 HIGH
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
CVE-2016-4482 4 Canonical, Fedoraproject, Linux and 1 more 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more 2016-11-28 2.1 LOW 6.2 MEDIUM
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2014-1573 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-11-28 4.3 MEDIUM N/A
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.
CVE-2014-1572 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-11-28 5.0 MEDIUM N/A
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.
CVE-2014-1527 4 Fedoraproject, Google, Mozilla and 1 more 4 Fedora, Android, Firefox and 1 more 2016-11-17 5.0 MEDIUM N/A
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.