Filtered by vendor Fedoraproject
Subscriptions
Total
5402 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | N/A |
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | ||||
CVE-2015-6816 | 2 Fedoraproject, Ganglia | 2 Fedora, Ganglia-web | 2025-04-20 | N/A |
ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||||
CVE-2016-5391 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2025-04-20 | N/A |
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | ||||
CVE-2015-3229 | 1 Fedoraproject | 2 Atomic, Spin-kickstarts | 2025-04-20 | N/A |
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | ||||
CVE-2015-4645 | 2 Fedoraproject, Squashfs Project | 2 Fedora, Squashfs | 2025-04-20 | 5.5 Medium |
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | ||||
CVE-2015-5069 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | ||||
CVE-2015-5258 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Social | 2025-04-20 | 8.8 High |
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | ||||
CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | N/A |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | ||||
CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
CVE-2017-1002150 | 1 Fedoraproject | 1 Python-fedora | 2025-04-20 | N/A |
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | ||||
CVE-2015-5740 | 3 Fedoraproject, Golang, Redhat | 7 Fedora, Go, Enterprise Linux and 4 more | 2025-04-20 | N/A |
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||||
CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2025-04-20 | N/A |
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | ||||
CVE-2015-5146 | 3 Debian, Fedoraproject, Ntp | 3 Debian Linux, Fedora, Ntp | 2025-04-20 | N/A |
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | ||||
CVE-2014-8119 | 3 Fedoraproject, Netcf Project, Redhat | 3 Fedora, Netcf, Enterprise Linux | 2025-04-20 | N/A |
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | ||||
CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2025-04-20 | N/A |
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | ||||
CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-20 | 7.7 High |
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | ||||
CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2025-04-20 | N/A |
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | ||||
CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2025-04-20 | N/A |
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | ||||
CVE-2016-7969 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2025-04-20 | 7.5 High |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | ||||
CVE-2016-9956 | 3 Debian, Fedoraproject, Flightgear | 3 Debian Linux, Fedora, Flightgear | 2025-04-20 | N/A |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. |