Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 3387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0856 2 Fedoraproject, Sddm Project 2 Fedora, Sddm 2016-11-17 4.6 MEDIUM N/A
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
CVE-2013-2032 3 Fedoraproject, Gentoo, Mediawiki 3 Fedora, Linux, Mediawiki 2016-10-18 5.0 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
CVE-2016-0741 2 Fedoraproject, Redhat 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more 2016-10-12 7.8 HIGH 7.5 HIGH
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
CVE-2013-4589 3 Fedoraproject, Graphicsmagick, Novell 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more 2016-08-26 4.3 MEDIUM N/A
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
CVE-2014-9472 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2016-08-23 7.1 HIGH N/A
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
CVE-2015-1051 2 Context Project, Fedoraproject 2 Context, Fedora 2016-08-23 5.8 MEDIUM N/A
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2016-2044 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-17 5.0 MEDIUM 5.3 MEDIUM
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2045 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-02 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2014-8112 1 Fedoraproject 2 389 Directory Server, Fedora 2016-06-30 4.0 MEDIUM N/A
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
CVE-2014-8105 1 Fedoraproject 2 389 Directory Server, Fedora 2016-06-30 5.0 MEDIUM N/A
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
CVE-2015-0844 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2016-06-28 5.0 MEDIUM N/A
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVE-2016-4021 2 Fedoraproject, Pgpdump Project 2 Fedora, Pgpdump 2016-06-15 7.8 HIGH 7.5 HIGH
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
CVE-2016-1231 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2016-06-15 4.3 MEDIUM 5.9 MEDIUM
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
CVE-2015-7827 3 Botan Project, Debian, Fedoraproject 3 Botan, Debian Linux, Fedora 2016-06-09 5.0 MEDIUM 7.5 HIGH
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVE-2016-1232 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2016-06-09 5.0 MEDIUM 7.5 HIGH
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
CVE-2015-8106 2 Fedoraproject, Latex2rtf Project 2 Fedora, Latex2rtf 2016-05-18 9.3 HIGH 7.8 HIGH
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
CVE-2016-2146 2 Fedoraproject, Uninett 2 Fedora, Mod Auth Mellon 2016-04-25 5.0 MEDIUM 7.5 HIGH
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
CVE-2016-2145 2 Fedoraproject, Uninett 2 Fedora, Mod Auth Mellon 2016-04-25 5.0 MEDIUM 7.5 HIGH
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
CVE-2015-3146 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-04-20 5.0 MEDIUM 7.5 HIGH
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
CVE-2014-9465 2 Fedoraproject, Zarafa 3 Fedora, Webapp, Zarafa Collaboration Platform 2016-04-07 5.0 MEDIUM N/A
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.