Total
4367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1527 | 4 Fedoraproject, Google, Mozilla and 1 more | 4 Fedora, Android, Firefox and 1 more | 2016-11-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. | |||||
| CVE-2015-0856 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2016-11-17 | 4.6 MEDIUM | N/A |
| daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | |||||
| CVE-2013-2032 | 3 Fedoraproject, Gentoo, Mediawiki | 3 Fedora, Linux, Mediawiki | 2016-10-18 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | |||||
| CVE-2013-4589 | 3 Fedoraproject, Graphicsmagick, Novell | 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more | 2016-08-26 | 4.3 MEDIUM | N/A |
| The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. | |||||
| CVE-2014-9472 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2016-08-23 | 7.1 HIGH | N/A |
| The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | |||||
| CVE-2015-1051 | 2 Context Project, Fedoraproject | 2 Context, Fedora | 2016-08-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2016-2044 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2016-08-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
| CVE-2016-2045 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2016-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | |||||
| CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2016-06-28 | 5.0 MEDIUM | N/A |
| The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||||
| CVE-2016-4021 | 2 Fedoraproject, Pgpdump Project | 2 Fedora, Pgpdump | 2016-06-15 | 7.8 HIGH | 7.5 HIGH |
| The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. | |||||
| CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2016-06-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. | |||||
| CVE-2015-7827 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2016-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |||||
| CVE-2016-1232 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2016-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. | |||||
| CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2016-05-18 | 9.3 HIGH | 7.8 HIGH |
| Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
| CVE-2016-2146 | 2 Fedoraproject, Uninett | 2 Fedora, Mod Auth Mellon | 2016-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. | |||||
| CVE-2016-2145 | 2 Fedoraproject, Uninett | 2 Fedora, Mod Auth Mellon | 2016-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. | |||||
| CVE-2015-3146 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2016-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | |||||
| CVE-2014-9465 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa Collaboration Platform | 2016-04-07 | 5.0 MEDIUM | N/A |
| senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | |||||
| CVE-2014-1571 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-07 | 4.0 MEDIUM | N/A |
| Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template. | |||||
| CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2016-04-04 | 4.0 MEDIUM | N/A |
| The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | |||||