Total
5264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0557 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | |||||
| CVE-2016-4540 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2016-3144 | 2 Fedoraproject, Fourkitchens | 2 Fedora, Block Class | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | |||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2025-04-12 | 2.1 LOW | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | |||||
| CVE-2016-1522 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox and 2 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. | |||||
| CVE-2016-4610 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. | |||||
| CVE-2016-4414 | 3 Fedoraproject, Opensuse, Quassel-irc | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | |||||
| CVE-2015-8836 | 2 Fedoraproject, Fuseiso Project | 2 Fedora, Fuseiso | 2025-04-12 | 6.8 MEDIUM | 7.3 HIGH |
| Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. | |||||
| CVE-2015-4836 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 2.8 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||||
| CVE-2015-7201 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1573 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | 4.3 MEDIUM | N/A |
| Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name. | |||||
| CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
| CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
| CVE-2012-2095 | 2 David Paleino, Fedoraproject | 2 Wicd, Fedora | 2025-04-12 | 6.9 MEDIUM | N/A |
| The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. | |||||
| CVE-2016-1247 | 4 Canonical, Debian, F5 and 1 more | 4 Ubuntu Linux, Debian Linux, Nginx and 1 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | |||||
| CVE-2013-6475 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-0278 | 3 Fedoraproject, Libuv Project, Nodejs | 3 Fedora, Libuv, Node.js | 2025-04-12 | 10.0 HIGH | N/A |
| libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | |||||
| CVE-2015-3152 | 6 Debian, Fedoraproject, Mariadb and 3 more | 12 Debian Linux, Fedora, Mariadb and 9 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. | |||||
| CVE-2014-9639 | 3 Fedoraproject, Opensuse, Xiph | 3 Fedora, Opensuse, Vorbis-tools | 2025-04-12 | 5.0 MEDIUM | N/A |
| Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | |||||
| CVE-2015-0374 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. | |||||