Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1527 4 Fedoraproject, Google, Mozilla and 1 more 4 Fedora, Android, Firefox and 1 more 2016-11-17 5.0 MEDIUM N/A
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
CVE-2015-0856 2 Fedoraproject, Sddm Project 2 Fedora, Sddm 2016-11-17 4.6 MEDIUM N/A
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
CVE-2013-2032 3 Fedoraproject, Gentoo, Mediawiki 3 Fedora, Linux, Mediawiki 2016-10-18 5.0 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
CVE-2013-4589 3 Fedoraproject, Graphicsmagick, Novell 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more 2016-08-26 4.3 MEDIUM N/A
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
CVE-2014-9472 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2016-08-23 7.1 HIGH N/A
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
CVE-2015-1051 2 Context Project, Fedoraproject 2 Context, Fedora 2016-08-23 5.8 MEDIUM N/A
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2016-2044 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-17 5.0 MEDIUM 5.3 MEDIUM
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVE-2016-2045 2 Fedoraproject, Phpmyadmin 2 Fedora, Phpmyadmin 2016-08-02 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVE-2015-0844 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2016-06-28 5.0 MEDIUM N/A
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVE-2016-4021 2 Fedoraproject, Pgpdump Project 2 Fedora, Pgpdump 2016-06-15 7.8 HIGH 7.5 HIGH
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
CVE-2016-1231 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2016-06-15 4.3 MEDIUM 5.9 MEDIUM
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
CVE-2015-7827 3 Botan Project, Debian, Fedoraproject 3 Botan, Debian Linux, Fedora 2016-06-09 5.0 MEDIUM 7.5 HIGH
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
CVE-2016-1232 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2016-06-09 5.0 MEDIUM 7.5 HIGH
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
CVE-2015-8106 2 Fedoraproject, Latex2rtf Project 2 Fedora, Latex2rtf 2016-05-18 9.3 HIGH 7.8 HIGH
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
CVE-2016-2146 2 Fedoraproject, Uninett 2 Fedora, Mod Auth Mellon 2016-04-25 5.0 MEDIUM 7.5 HIGH
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
CVE-2016-2145 2 Fedoraproject, Uninett 2 Fedora, Mod Auth Mellon 2016-04-25 5.0 MEDIUM 7.5 HIGH
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
CVE-2015-3146 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-04-20 5.0 MEDIUM 7.5 HIGH
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
CVE-2014-9465 2 Fedoraproject, Zarafa 3 Fedora, Webapp, Zarafa Collaboration Platform 2016-04-07 5.0 MEDIUM N/A
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
CVE-2014-1571 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-04-07 4.0 MEDIUM N/A
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
CVE-2014-1517 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-04-04 4.0 MEDIUM N/A
The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.