Filtered by vendor Fedoraproject
Subscriptions
Total
5343 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15134 | 2 Fedoraproject, Redhat | 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | ||||
CVE-2017-15129 | 4 Canonical, Fedoraproject, Linux and 1 more | 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more | 2024-11-21 | 4.7 Medium |
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | ||||
CVE-2017-12173 | 2 Fedoraproject, Redhat | 7 Sssd, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | N/A |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | ||||
CVE-2016-4980 | 3 Ethz, Fedoraproject, Redhat | 3 Xquest, Fedora, Enterprise Linux | 2024-11-21 | 2.5 Low |
A password generation weakness exists in xquest through 2016-06-13. | ||||
CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.9 Medium |
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||
CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-11-21 | 3.3 Low |
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | ||||
CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 7.5 High |
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | ||||
CVE-2016-1000110 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Python and 2 more | 2024-11-21 | 6.1 Medium |
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. | ||||
CVE-2016-1000037 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Pagure | 2024-11-21 | 6.1 Medium |
Pagure: XSS possible in file attachment endpoint | ||||
CVE-2015-9541 | 3 Fedoraproject, Qt, Redhat | 3 Fedora, Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | ||||
CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2024-11-21 | 9.8 Critical |
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | ||||
CVE-2015-8011 | 4 Debian, Fedoraproject, Lldpd Project and 1 more | 8 Debian Linux, Fedora, Lldpd and 5 more | 2024-11-21 | 9.8 Critical |
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | ||||
CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 4.7 Medium |
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | ||||
CVE-2015-7747 | 3 Audio File Library Project, Canonical, Fedoraproject | 3 Audio File Library, Ubuntu Linux, Fedora | 2024-11-21 | 8.8 High |
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | ||||
CVE-2015-6815 | 7 Arista, Canonical, Fedoraproject and 4 more | 11 Eos, Ubuntu Linux, Fedora and 8 more | 2024-11-21 | 3.5 Low |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | ||||
CVE-2015-5745 | 3 Arista, Fedoraproject, Qemu | 3 Eos, Fedora, Qemu | 2024-11-21 | 6.5 Medium |
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | ||||
CVE-2015-5278 | 4 Arista, Canonical, Fedoraproject and 1 more | 4 Eos, Ubuntu Linux, Fedora and 1 more | 2024-11-21 | 6.5 Medium |
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||||
CVE-2015-5239 | 5 Arista, Canonical, Fedoraproject and 2 more | 8 Eos, Ubuntu Linux, Fedora and 5 more | 2024-11-21 | 6.5 Medium |
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | ||||
CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-11-21 | 7.5 High |
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
CVE-2015-4410 | 2 Fedoraproject, Moped Project | 2 Fedora, Moped | 2024-11-21 | 7.5 High |
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. |