Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5421 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-04-12 | 8.1 High |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2016-5157 | 4 Fedoraproject, Google, Opensuse and 1 more | 4 Fedora, Chrome, Leap and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. | ||||
| CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | N/A |
| The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | ||||
| CVE-2015-1463 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | N/A |
| ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | ||||
| CVE-2015-0556 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2025-04-12 | N/A |
| Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | ||||
| CVE-2015-3455 | 4 Fedoraproject, Oracle, Redhat and 1 more | 5 Fedora, Linux, Solaris and 2 more | 2025-04-12 | N/A |
| Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | ||||
| CVE-2015-0557 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2025-04-12 | N/A |
| Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | ||||
| CVE-2015-3340 | 5 Debian, Fedoraproject, Opensuse and 2 more | 9 Debian Linux, Fedora, Opensuse and 6 more | 2025-04-12 | N/A |
| Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. | ||||
| CVE-2015-3451 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | ||||
| CVE-2015-5254 | 3 Apache, Fedoraproject, Redhat | 5 Activemq, Fedora, Jboss Amq and 2 more | 2025-04-12 | N/A |
| Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | ||||
| CVE-2014-0195 | 5 Fedoraproject, Mariadb, Openssl and 2 more | 7 Fedora, Mariadb, Openssl and 4 more | 2025-04-12 | N/A |
| The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | ||||
| CVE-2014-9527 | 3 Apache, Fedoraproject, Redhat | 3 Poi, Fedora, Jboss Data Virtualization | 2025-04-12 | N/A |
| HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | ||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2025-04-12 | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | ||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2025-04-12 | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2014-9472 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2025-04-12 | N/A |
| The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | ||||
| CVE-2014-9465 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa Collaboration Platform | 2025-04-12 | N/A |
| senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | ||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 16 Debian Linux, Drupal, Fedora and 13 more | 2025-04-12 | 8.1 High |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | ||||
| CVE-2014-9274 | 4 Debian, Fedoraproject, Mageia Project and 1 more | 4 Debian Linux, Fedora, Mageia and 1 more | 2025-04-12 | N/A |
| UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | ||||
| CVE-2015-4588 | 4 Fedoraproject, Opensuse, Redhat and 1 more | 4 Fedora, Opensuse, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. | ||||
| CVE-2014-9221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | ||||