Filtered by vendor Fedoraproject Subscriptions
Total 5343 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-15134 2 Fedoraproject, Redhat 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-11-21 N/A
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
CVE-2017-15129 4 Canonical, Fedoraproject, Linux and 1 more 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more 2024-11-21 4.7 Medium
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
CVE-2017-12173 2 Fedoraproject, Redhat 7 Sssd, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-11-21 N/A
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
CVE-2016-4980 3 Ethz, Fedoraproject, Redhat 3 Xquest, Fedora, Enterprise Linux 2024-11-21 2.5 Low
A password generation weakness exists in xquest through 2016-06-13.
CVE-2016-2124 5 Canonical, Debian, Fedoraproject and 2 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2024-11-21 5.9 Medium
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
CVE-2016-1544 2 Fedoraproject, Nghttp2 2 Fedora, Nghttp2 2024-11-21 3.3 Low
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
CVE-2016-10937 4 Debian, Fedoraproject, Imapfilter Project and 1 more 5 Debian Linux, Fedora, Imapfilter and 2 more 2024-11-21 7.5 High
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
CVE-2016-1000110 4 Debian, Fedoraproject, Python and 1 more 5 Debian Linux, Fedora, Python and 2 more 2024-11-21 6.1 Medium
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVE-2016-1000037 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Pagure 2024-11-21 6.1 Medium
Pagure: XSS possible in file attachment endpoint
CVE-2015-9541 3 Fedoraproject, Qt, Redhat 3 Fedora, Qt, Enterprise Linux 2024-11-21 7.5 High
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVE-2015-8980 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more 4 Fedora, Leap, Php-gettext and 1 more 2024-11-21 9.8 Critical
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2015-8011 4 Debian, Fedoraproject, Lldpd Project and 1 more 8 Debian Linux, Fedora, Lldpd and 5 more 2024-11-21 9.8 Critical
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
CVE-2015-7810 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 4.7 Medium
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVE-2015-7747 3 Audio File Library Project, Canonical, Fedoraproject 3 Audio File Library, Ubuntu Linux, Fedora 2024-11-21 8.8 High
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2024-11-21 3.5 Low
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-5745 3 Arista, Fedoraproject, Qemu 3 Eos, Fedora, Qemu 2024-11-21 6.5 Medium
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVE-2015-5278 4 Arista, Canonical, Fedoraproject and 1 more 4 Eos, Ubuntu Linux, Fedora and 1 more 2024-11-21 6.5 Medium
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-5239 5 Arista, Canonical, Fedoraproject and 2 more 8 Eos, Ubuntu Linux, Fedora and 5 more 2024-11-21 6.5 Medium
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2015-4411 2 Fedoraproject, Mongodb 2 Fedora, Bson 2024-11-21 7.5 High
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
CVE-2015-4410 2 Fedoraproject, Moped Project 2 Fedora, Moped 2024-11-21 7.5 High
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.