Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 2520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2041 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
CVE-2016-2040 3 Fedoraproject, Opensuse, Phpmyadmin 4 Fedora, Leap, Opensuse and 1 more 2018-10-30 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
CVE-2013-2064 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2018-10-30 6.8 MEDIUM N/A
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
CVE-2013-2139 3 Cisco, Fedoraproject, Opensuse 3 Libsrtp, Fedora, Opensuse 2018-10-30 2.6 LOW N/A
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
CVE-2013-2191 3 Fedoraproject, Opensuse, Python Bugzilla Project 3 Fedora, Opensuse, Python-bugzilla 2018-10-30 4.3 MEDIUM N/A
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
CVE-2013-4124 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Opensuse and 2 more 2018-10-30 5.0 MEDIUM N/A
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2015-8776 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2018-10-30 6.4 MEDIUM 9.1 CRITICAL
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8778 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2018-10-30 7.5 HIGH 9.8 CRITICAL
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8779 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2018-10-30 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2013-5611 7 Canonical, Fedoraproject, Mozilla and 4 more 9 Ubuntu Linux, Fedora, Firefox and 6 more 2018-10-30 5.8 MEDIUM N/A
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
CVE-2015-8869 3 Fedoraproject, Ocaml, Opensuse 3 Fedora, Ocaml, Opensuse 2018-10-30 6.4 MEDIUM 9.1 CRITICAL
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
CVE-2016-0787 4 Debian, Fedoraproject, Libssh2 and 1 more 4 Debian Linux, Fedora, Libssh2 and 1 more 2018-10-30 4.3 MEDIUM 5.9 MEDIUM
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2018-10-30 10.0 HIGH 9.8 CRITICAL
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9960 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2018-10-30 2.1 LOW 5.5 MEDIUM
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2015-1433 3 Fedoraproject, Opensuse, Roundcube 3 Fedora, Opensuse, Webmail 2018-10-30 4.3 MEDIUM N/A
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
CVE-2016-8693 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Opensuse 2018-10-30 6.8 MEDIUM 7.8 HIGH
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2015-0848 3 Fedoraproject, Opensuse, Wvware 3 Fedora, Opensuse, Libwmf 2018-10-30 6.8 MEDIUM N/A
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
CVE-2015-0778 3 Fedoraproject, Opensuse, Suse 3 Fedora, Opensuse, Opensuse Osc 2018-10-30 7.5 HIGH N/A
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
CVE-2015-5235 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more 2018-10-30 4.3 MEDIUM N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.