ReportizFlow
Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5341 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1901 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2025-04-12 | N/A |
| Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. | ||||
| CVE-2014-1519 | 4 Canonical, Fedoraproject, Mozilla and 1 more | 5 Ubuntu Linux, Fedora, Firefox and 2 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2015-6665 | 3 Chaos Tool Suite Project, Drupal, Fedoraproject | 3 Ctools, Drupal, Fedora | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. | ||||
| CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 7 Fedora, Go, Linux and 4 more | 2025-04-12 | 8.1 High |
| The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | ||||
| CVE-2016-2334 | 3 7-zip, Fedoraproject, Oracle | 3 7-zip, Fedora, Solaris | 2025-04-12 | N/A |
| Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | ||||
| CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2025-04-12 | N/A |
| libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | ||||
| CVE-2014-8738 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. | ||||
| CVE-2016-1899 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2025-04-12 | N/A |
| CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. | ||||
| CVE-2016-2312 | 3 Fedoraproject, Kde, Opensuse | 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more | 2025-04-12 | N/A |
| Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | ||||
| CVE-2016-7945 | 2 Fedoraproject, X.org | 2 Fedora, Libxi | 2025-04-12 | N/A |
| Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. | ||||
| CVE-2015-1038 | 3 7-zip, Fedoraproject, Oracle | 3 P7zip, Fedora, Solaris | 2025-04-12 | N/A |
| p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | ||||
| CVE-2016-7167 | 3 Fedoraproject, Haxx, Redhat | 5 Fedora, Libcurl, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-7948 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2025-04-12 | N/A |
| X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | ||||
| CVE-2014-8485 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Binutils and 1 more | 2025-04-12 | N/A |
| The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. | ||||
| CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 8 Debian Linux, Fedora, Freebsd and 5 more | 2025-04-12 | N/A |
| Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | ||||
| CVE-2016-4540 | 4 Fedoraproject, Opensuse, Php and 1 more | 4 Fedora, Leap, Php and 1 more | 2025-04-12 | N/A |
| The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | ||||
| CVE-2015-8370 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2025-04-12 | 7.4 High |
| Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. | ||||
| CVE-2015-3455 | 4 Fedoraproject, Oracle, Redhat and 1 more | 5 Fedora, Linux, Solaris and 2 more | 2025-04-12 | N/A |
| Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | ||||
| CVE-2014-0198 | 7 Debian, Fedoraproject, Mariadb and 4 more | 11 Debian Linux, Fedora, Mariadb and 8 more | 2025-04-12 | N/A |
| The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||||
| CVE-2016-4021 | 2 Fedoraproject, Pgpdump Project | 2 Fedora, Pgpdump | 2025-04-12 | N/A |
| The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. | ||||