Filtered by vendor Fedoraproject
Subscribe
Total
5329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | |||||
| CVE-2017-11368 | 2 Fedoraproject, Mit | 3 Fedora, Kerberos, Kerberos 5 | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |||||
| CVE-2017-8932 | 4 Fedoraproject, Golang, Novell and 1 more | 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | |||||
| CVE-2017-5885 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2025-04-20 | 1.2 LOW | 4.7 MEDIUM |
| The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | |||||
| CVE-2016-8692 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | |||||
| CVE-2016-10132 | 2 Artifex, Fedoraproject | 2 Mujs, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | |||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
| CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
| CVE-2015-5739 | 3 Fedoraproject, Golang, Redhat | 6 Fedora, Go, Enterprise Linux Server and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | |||||
| CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | |||||
| CVE-2014-8119 | 3 Fedoraproject, Netcf Project, Redhat | 3 Fedora, Netcf, Enterprise Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | |||||
| CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | |||||
| CVE-2015-5069 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | |||||
| CVE-2017-5849 | 2 Fedoraproject, Netpbm Project | 2 Fedora, Netpbm | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. | |||||
| CVE-2016-9085 | 2 Fedoraproject, Webmproject | 2 Fedora, Libwebp | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | |||||
| CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
| CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||