Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Total 4434 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6524 2 Apache, Fedoraproject 2 Activemq, Fedora 2016-12-09 5.0 MEDIUM N/A
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
CVE-2016-1901 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 7.5 HIGH 9.8 CRITICAL
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
CVE-2016-1899 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 4.3 MEDIUM 3.7 LOW
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
CVE-2016-1900 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2016-12-07 4.3 MEDIUM 3.7 LOW
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
CVE-2015-1462 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVE-2015-1463 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 5.0 MEDIUM N/A
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVE-2015-1461 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
CVE-2016-3960 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2016-12-02 7.2 HIGH 8.8 HIGH
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2016-3144 2 Fedoraproject, Fourkitchens 2 Fedora, Block Class 2016-12-02 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVE-2016-3158 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2016-12-02 1.7 LOW 3.8 LOW
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2014-9093 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-12-02 7.5 HIGH N/A
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2015-8466 2 Fedoraproject, Openstack 2 Fedora, Swift3 2016-11-30 5.8 MEDIUM 7.4 HIGH
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
CVE-2016-4482 4 Canonical, Fedoraproject, Linux and 1 more 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more 2016-11-28 2.1 LOW 6.2 MEDIUM
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2014-1572 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-11-28 5.0 MEDIUM N/A
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.
CVE-2014-1573 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2016-11-28 4.3 MEDIUM N/A
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.
CVE-2014-1527 4 Fedoraproject, Google, Mozilla and 1 more 4 Fedora, Android, Firefox and 1 more 2016-11-17 5.0 MEDIUM N/A
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
CVE-2015-0856 2 Fedoraproject, Sddm Project 2 Fedora, Sddm 2016-11-17 4.6 MEDIUM N/A
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
CVE-2013-2032 3 Fedoraproject, Gentoo, Mediawiki 3 Fedora, Linux, Mediawiki 2016-10-18 5.0 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
CVE-2016-0741 2 Fedoraproject, Redhat 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more 2016-10-11 7.8 HIGH 7.5 HIGH
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
CVE-2013-4589 3 Fedoraproject, Graphicsmagick, Novell 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more 2016-08-26 4.3 MEDIUM N/A
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.