Filtered by vendor Fedoraproject
Subscribe
Total
5125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | |||||
CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
CVE-2016-1247 | 4 Canonical, Debian, F5 and 1 more | 4 Ubuntu Linux, Debian Linux, Nginx and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | |||||
CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | |||||
CVE-2016-7969 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | |||||
CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |||||
CVE-2016-4861 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | |||||
CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | |||||
CVE-2016-7942 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | |||||
CVE-2016-7545 | 3 Fedoraproject, Redhat, Selinux Project | 7 Fedora, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | |||||
CVE-2016-7948 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | |||||
CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | |||||
CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | |||||
CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
CVE-2016-9400 | 2 Fedoraproject, Teeworlds | 2 Fedora, Teeworlds | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | |||||
CVE-2016-5407 | 2 Fedoraproject, X.org | 2 Fedora, Libxv | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | |||||
CVE-2016-9956 | 3 Debian, Fedoraproject, Flightgear | 3 Debian Linux, Fedora, Flightgear | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. |