Filtered by vendor Fedoraproject
Subscriptions
Total
5396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | ||||
| CVE-2015-5221 | 5 Fedoraproject, Jasper Project, Opensuse and 2 more | 6 Fedora, Jasper, Leap and 3 more | 2025-04-20 | N/A |
| Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | ||||
| CVE-2017-1000001 | 1 Fedoraproject | 1 Fedmsg | 2025-04-20 | N/A |
| FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | ||||
| CVE-2015-5704 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2025-04-20 | N/A |
| scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2015-5194 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2025-04-20 | N/A |
| The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | ||||
| CVE-2015-5070 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | ||||
| CVE-2015-5203 | 5 Fedoraproject, Jasper Project, Opensuse and 2 more | 6 Fedora, Jasper, Leap and 3 more | 2025-04-20 | N/A |
| Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | ||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2025-04-20 | 7.5 High |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | ||||
| CVE-2015-5069 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | ||||
| CVE-2016-3696 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2025-04-20 | N/A |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | ||||
| CVE-2015-5705 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2025-04-20 | N/A |
| Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | ||||
| CVE-2015-5740 | 3 Fedoraproject, Golang, Redhat | 7 Fedora, Go, Enterprise Linux and 4 more | 2025-04-20 | N/A |
| The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. | ||||
| CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2025-04-20 | N/A |
| libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | ||||
| CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2025-04-20 | N/A |
| Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | ||||
| CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2025-04-20 | N/A |
| The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | ||||
| CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2025-04-20 | N/A |
| TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | ||||
| CVE-2015-1838 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2025-04-20 | N/A |
| modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | ||||
| CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 14 Debian Linux, Fedora, Ntp and 11 more | 2025-04-20 | N/A |
| ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | ||||
| CVE-2015-8008 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-04-20 | N/A |
| The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | ||||