Filtered by vendor Fedoraproject
Subscribe
Total
5433 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2155 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-7496 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome Display Manager | 2025-04-12 | 7.2 HIGH | N/A |
| GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. | |||||
| CVE-2016-0724 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | |||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | |||||
| CVE-2015-0381 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | |||||
| CVE-2016-4008 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | |||||
| CVE-2014-4668 | 3 Cherokee-project, Fedoraproject, Mageia Project | 3 Cherokee, Fedora, Mageia | 2025-04-12 | 6.8 MEDIUM | N/A |
| The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | |||||
| CVE-2014-8964 | 6 Fedoraproject, Mariadb, Opensuse and 3 more | 11 Fedora, Mariadb, Opensuse and 8 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | |||||
| CVE-2014-2287 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2025-04-12 | 3.5 LOW | N/A |
| channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. | |||||
| CVE-2014-1572 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | 5.0 MEDIUM | N/A |
| The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. | |||||
| CVE-2016-7953 | 2 Fedoraproject, X.org | 2 Fedora, Libxvmc | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | |||||
| CVE-2015-7219 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | |||||
| CVE-2014-9527 | 2 Apache, Fedoraproject | 2 Poi, Fedora | 2025-04-12 | 5.0 MEDIUM | N/A |
| HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | |||||
| CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||
| CVE-2016-0753 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | |||||
| CVE-2016-7942 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | |||||
| CVE-2014-9472 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2025-04-12 | 7.1 HIGH | N/A |
| The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | |||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | |||||
| CVE-2015-8389 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||