Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 2520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7213 3 Fedoraproject, Mozilla, Opensuse 5 Fedora, Firefox, Firefox Esr and 2 more 2018-10-30 6.8 MEDIUM N/A
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
CVE-2015-7214 3 Fedoraproject, Mozilla, Opensuse 5 Fedora, Firefox, Firefox Esr and 2 more 2018-10-30 5.0 MEDIUM N/A
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
CVE-2015-7215 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2018-10-30 5.0 MEDIUM N/A
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
CVE-2015-7216 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2018-10-30 6.8 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.
CVE-2015-7217 4 Fedoraproject, Gnome, Mozilla and 1 more 5 Fedora, Gnome, Firefox and 2 more 2018-10-30 4.3 MEDIUM N/A
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.
CVE-2016-3075 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Glibc and 1 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2015-7221 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2018-10-30 10.0 HIGH N/A
Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.
CVE-2015-7222 3 Fedoraproject, Mozilla, Opensuse 5 Fedora, Firefox, Firefox Esr and 2 more 2018-10-30 6.8 MEDIUM N/A
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
CVE-2015-7223 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2018-10-30 4.0 MEDIUM N/A
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
CVE-2016-3069 6 Debian, Fedoraproject, Mercurial and 3 more 14 Debian Linux, Fedora, Mercurial and 11 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3068 6 Debian, Fedoraproject, Mercurial and 3 more 14 Debian Linux, Fedora, Mercurial and 11 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2014-0247 5 Canonical, Fedoraproject, Libreoffice and 2 more 7 Ubuntu Linux, Fedora, Libreoffice and 4 more 2018-10-30 10.0 HIGH N/A
LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.
CVE-2016-2312 3 Fedoraproject, Kde, Opensuse 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more 2018-10-30 4.6 MEDIUM 6.8 MEDIUM
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVE-2014-0019 3 Dest-unreach, Fedoraproject, Opensuse 3 Socat, Fedora, Opensuse 2018-10-30 1.9 LOW N/A
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
CVE-2013-0211 5 Canonical, Fedoraproject, Freebsd and 2 more 5 Ubuntu Linux, Fedora, Freebsd and 2 more 2018-10-30 5.0 MEDIUM N/A
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
CVE-2013-0348 5 Acme, Fedoraproject, Gentoo and 2 more 5 Thttpd, Fedora, Linux and 2 more 2018-10-30 2.1 LOW N/A
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2016-2043 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.
CVE-2016-2042 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
CVE-2016-2039 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVE-2016-2038 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 5.3 MEDIUM
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.