Filtered by vendor Fedoraproject
Subscribe
Total
5329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5705 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | |||||
| CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
| CVE-2016-1254 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | |||||
| CVE-2014-9637 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Patch and 1 more | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||||
| CVE-2016-9398 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 6 Fedora, Jasper, Leap and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2015-1783 | 2 Entrouvert, Fedoraproject | 2 Lasso, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | |||||
| CVE-2016-8690 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | |||||
| CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
| CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||||
| CVE-2015-1838 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
| modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||||
| CVE-2016-6299 | 2 Fedoraproject, Mock Project | 2 Fedora, Scm Plugin | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | |||||
| CVE-2015-5195 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | |||||
| CVE-2013-7459 | 2 Dlitz, Fedoraproject | 2 Pycrypto, Fedora | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | |||||
| CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | |||||
| CVE-2016-2090 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | |||||
| CVE-2017-12843 | 2 Cyrusimap, Fedoraproject | 2 Cyrus Imap, Fedora | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | |||||
| CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | |||||