Filtered by vendor Fedoraproject
Subscriptions
Total
5399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 14 Debian Linux, Fedora, Ntp and 11 more | 2025-04-20 | N/A |
| ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | ||||
| CVE-2016-6866 | 2 Fedoraproject, Suckless | 2 Fedora, Slock | 2025-04-20 | N/A |
| slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2017-16818 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2025-04-20 | N/A |
| RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | ||||
| CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | N/A |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | ||||
| CVE-2016-2090 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-20 | 9.8 Critical |
| Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | ||||
| CVE-2015-5258 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Social | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | ||||
| CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 5.5 Medium |
| Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | ||||
| CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 7.1 High |
| Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | ||||
| CVE-2016-5391 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2025-04-20 | N/A |
| libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | ||||
| CVE-2017-6362 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-20 | N/A |
| Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | ||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 7 Ubuntu Linux, Fedora, Jasper and 4 more | 2025-04-20 | 7.5 High |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | ||||
| CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 10 Debian Linux, Fedora, Gstreamer and 7 more | 2025-04-20 | 4.7 Medium |
| The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | ||||
| CVE-2017-11462 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2025-04-20 | N/A |
| Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | ||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | N/A |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | ||||
| CVE-2016-8691 | 4 Debian, Fedoraproject, Jasper Project and 1 more | 4 Debian Linux, Fedora, Jasper and 1 more | 2025-04-20 | N/A |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | ||||
| CVE-2015-5740 | 3 Fedoraproject, Golang, Redhat | 7 Fedora, Go, Enterprise Linux and 4 more | 2025-04-20 | N/A |
| The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||||
| CVE-2017-8932 | 5 Fedoraproject, Golang, Novell and 2 more | 5 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-20 | N/A |
| A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | ||||
| CVE-2016-7969 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2025-04-20 | 7.5 High |
| The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | ||||
| CVE-2016-9243 | 3 Canonical, Cryptography.io, Fedoraproject | 3 Ubuntu Linux, Cryptography, Fedora | 2025-04-20 | 7.5 High |
| HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | ||||