Filtered by vendor Fedoraproject
Subscribe
Total
5336 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
| CVE-2017-8932 | 4 Fedoraproject, Golang, Novell and 1 more | 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | |||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
| CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
| CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | |||||
| CVE-2016-9397 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
| CVE-2017-7496 | 1 Fedoraproject | 1 Arm Installer | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories. | |||||
| CVE-2017-6311 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. | |||||
| CVE-2017-5885 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | |||||
| CVE-2015-5194 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | |||||
| CVE-2016-8693 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Opensuse | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | |||||
| CVE-2017-5884 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | |||||
| CVE-2015-1783 | 2 Entrouvert, Fedoraproject | 2 Lasso, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | |||||
| CVE-2016-7543 | 2 Fedoraproject, Gnu | 2 Fedora, Bash | 2025-04-20 | 7.2 HIGH | 8.4 HIGH |
| Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||||
| CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | |||||
| CVE-2015-8854 | 2 Fedoraproject, Marked Project | 2 Fedora, Marked | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." | |||||
| CVE-2017-1000001 | 1 Fedoraproject | 1 Fedmsg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | |||||
| CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||||