Filtered by vendor Fedoraproject
Subscribe
Total
5143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2018-12-13 | 6.5 MEDIUM | N/A |
| lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
| CVE-2015-8779 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |||||
| CVE-2015-3340 | 5 Debian, Fedoraproject, Opensuse and 2 more | 9 Debian Linux, Fedora, Opensuse and 6 more | 2018-10-30 | 2.9 LOW | N/A |
| Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. | |||||
| CVE-2015-8778 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | |||||
| CVE-2015-8776 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2018-10-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |||||
| CVE-2015-2155 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2018-10-30 | 7.5 HIGH | N/A |
| The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-6938 | 4 Fedoraproject, Ipython, Jupyter and 1 more | 4 Fedora, Notebook, Notebook and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. | |||||
| CVE-2014-1528 | 7 Canonical, Fedoraproject, Microsoft and 4 more | 8 Ubuntu Linux, Fedora, Windows and 5 more | 2018-10-30 | 10.0 HIGH | N/A |
| The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. | |||||
| CVE-2013-5611 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2018-10-30 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. | |||||
| CVE-2015-7208 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | |||||
| CVE-2015-7213 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | |||||
| CVE-2014-9674 | 6 Canonical, Fedoraproject, Freetype and 3 more | 11 Ubuntu Linux, Fedora, Freetype and 8 more | 2018-10-30 | 7.5 HIGH | N/A |
| The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. | |||||
| CVE-2015-7211 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | |||||
| CVE-2016-2041 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | |||||
| CVE-2015-7217 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image. | |||||
| CVE-2015-7204 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||||
| CVE-2016-2038 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
| CVE-2015-7210 | 3 Fedoraproject, Mozilla, Opensuse | 5 Fedora, Firefox, Firefox Esr and 2 more | 2018-10-30 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. | |||||
| CVE-2015-3622 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Libtasn1, Opensuse | 2018-10-30 | 4.3 MEDIUM | N/A |
| The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. | |||||