Filtered by vendor Fedoraproject
Subscribe
Total
5330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1286 | 7 Canonical, Debian, Fedoraproject and 4 more | 47 Ubuntu Linux, Debian Linux, Fedora and 44 more | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | |||||
| CVE-2016-4002 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | |||||
| CVE-2015-4807 | 4 Fedoraproject, Mariadb, Opensuse and 1 more | 6 Fedora, Mariadb, Leap and 3 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. | |||||
| CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2025-04-12 | 5.0 MEDIUM | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||||
| CVE-2015-8853 | 2 Fedoraproject, Perl | 2 Fedora, Perl | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." | |||||
| CVE-2015-7218 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | |||||
| CVE-2016-4609 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. | |||||
| CVE-2016-5404 | 3 Fedoraproject, Freeipa, Oracle | 3 Fedora, Freeipa, Linux | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | |||||
| CVE-2016-2041 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | |||||
| CVE-2015-3455 | 3 Fedoraproject, Oracle, Squid-cache | 4 Fedora, Linux, Solaris and 1 more | 2025-04-12 | 2.6 LOW | N/A |
| Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | |||||
| CVE-2015-5292 | 1 Fedoraproject | 1 Sssd | 2025-04-12 | 6.8 MEDIUM | N/A |
| Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication. | |||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
| The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | |||||
| CVE-2016-4543 | 4 Fedoraproject, Hp, Opensuse and 1 more | 4 Fedora, System Management Homepage, Leap and 1 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | 4.0 MEDIUM | N/A |
| The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | |||||
| CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2025-04-12 | 7.5 HIGH | N/A |
| default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2015-4861 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||||
| CVE-2016-5384 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | |||||
| CVE-2015-4826 | 7 Canonical, Debian, Fedoraproject and 4 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | |||||
| CVE-2015-4047 | 5 Canonical, Debian, F5 and 2 more | 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more | 2025-04-12 | 7.8 HIGH | N/A |
| racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | |||||
| CVE-2015-0432 | 7 Canonical, Debian, Fedoraproject and 4 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. | |||||