Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8036 | 5 Arm, Debian, Fedoraproject and 2 more | 5 Mbed Tls, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | ||||
| CVE-2015-7555 | 2 Fedoraproject, Giflib Project | 2 Fedora, Giflib | 2025-04-12 | N/A |
| Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. | ||||
| CVE-2015-7513 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.5 Medium |
| arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | ||||
| CVE-2015-1051 | 2 Context Project, Fedoraproject | 2 Context, Fedora | 2025-04-12 | N/A |
| Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | ||||
| CVE-2015-1165 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2025-04-12 | N/A |
| RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | ||||
| CVE-2015-7223 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | ||||
| CVE-2015-7222 | 4 Fedoraproject, Mozilla, Opensuse and 1 more | 5 Fedora, Firefox, Leap and 2 more | 2025-04-12 | N/A |
| Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | ||||
| CVE-2015-7220 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | ||||
| CVE-2015-1433 | 3 Fedoraproject, Opensuse, Roundcube | 3 Fedora, Opensuse, Webmail | 2025-04-12 | N/A |
| program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. | ||||
| CVE-2015-1462 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | ||||
| CVE-2015-1464 | 2 Bestpractical, Fedoraproject | 2 Request Tracker, Fedora | 2025-04-12 | N/A |
| RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | ||||
| CVE-2015-1563 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | ||||
| CVE-2015-1609 | 3 Fedoraproject, Mongodb, Redhat | 4 Fedora, Mongodb, Satellite and 1 more | 2025-04-12 | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | ||||
| CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2025-04-12 | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | ||||
| CVE-2015-1815 | 3 Fedoraproject, Redhat, Selinux | 3 Fedora, Enterprise Linux, Setroubleshoot | 2025-04-12 | N/A |
| The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | ||||
| CVE-2015-1819 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Mac Os X, Tvos and 9 more | 2025-04-12 | N/A |
| The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | ||||
| CVE-2015-7215 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow. | ||||
| CVE-2015-1860 | 3 Digia, Fedoraproject, Qt | 3 Qt, Fedora, Qt | 2025-04-12 | N/A |
| Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. | ||||
| CVE-2015-7213 | 4 Fedoraproject, Mozilla, Opensuse and 1 more | 5 Fedora, Firefox, Leap and 2 more | 2025-04-12 | N/A |
| Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | ||||