Filtered by vendor Fedoraproject
Subscribe
Total
5124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
CVE-2015-4625 | 3 Fedoraproject, Opensuse, Polkit Project | 3 Fedora, Opensuse, Polkit | 2023-12-10 | 4.6 MEDIUM | N/A |
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | |||||
CVE-2016-4608 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | |||||
CVE-2016-3959 | 3 Fedoraproject, Golang, Opensuse | 3 Fedora, Go, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | |||||
CVE-2015-3885 | 2 Dcraw Project, Fedoraproject | 2 Dcraw, Fedora | 2023-12-10 | 4.3 MEDIUM | N/A |
Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | |||||
CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | |||||
CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||||
CVE-2015-8807 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields. | |||||
CVE-2016-1926 | 2 Fedoraproject, Greenbone | 3 Fedora, Greenbone Os, Greenbone Security Assistant | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp. | |||||
CVE-2016-3071 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||||
CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2023-12-10 | 4.6 MEDIUM | N/A |
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | |||||
CVE-2015-2080 | 2 Eclipse, Fedoraproject | 2 Jetty, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | |||||
CVE-2015-7208 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | |||||
CVE-2015-4815 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | |||||
CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-12-10 | 3.3 LOW | N/A |
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
CVE-2015-3451 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | |||||
CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | |||||
CVE-2015-7223 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2023-12-10 | 4.0 MEDIUM | N/A |
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | |||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. |