Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-4002 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 9.8 Critical
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
CVE-2016-4001 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 8.6 High
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2016-3960 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2024-11-21 N/A
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CVE-2016-3959 4 Fedoraproject, Golang, Opensuse and 1 more 4 Fedora, Go, Leap and 1 more 2024-11-21 N/A
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
CVE-2016-3720 2 Fasterxml, Fedoraproject 2 Jackson-dataformat-xml, Fedora 2024-11-21 9.8 Critical
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
CVE-2016-3704 3 Fedoraproject, Pulpproject, Redhat 4 Fedora, Pulp, Satellite and 1 more 2024-11-21 N/A
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVE-2016-3696 3 Fedoraproject, Pulpproject, Redhat 4 Fedora, Pulp, Satellite and 1 more 2024-11-21 N/A
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVE-2016-3674 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Jboss Bpms and 2 more 2024-11-21 N/A
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
CVE-2016-3630 5 Debian, Fedoraproject, Mercurial and 2 more 7 Debian Linux, Fedora, Mercurial and 4 more 2024-11-21 8.8 High
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
CVE-2016-3320 2 Fedoraproject, Microsoft 5 Fedora, Windows 10, Windows 8.1 and 2 more 2024-11-21 N/A
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."
CVE-2016-3159 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Vm Server and 1 more 2024-11-21 N/A
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2016-3158 3 Fedoraproject, Oracle, Xen 3 Fedora, Vm Server, Xen 2024-11-21 N/A
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
CVE-2016-3144 2 Fedoraproject, Fourkitchens 2 Fedora, Block Class 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
CVE-2016-3125 3 Fedoraproject, Opensuse, Proftpd 3 Fedora, Opensuse, Proftpd 2024-11-21 N/A
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
CVE-2016-3110 2 Fedoraproject, Redhat 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2024-11-21 N/A
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
CVE-2016-3096 2 Fedoraproject, Redhat 2 Fedora, Ansible 2024-11-21 N/A
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
CVE-2016-3095 2 Fedoraproject, Pulpproject 2 Fedora, Pulp 2024-11-21 N/A
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVE-2016-3075 5 Canonical, Fedoraproject, Gnu and 2 more 5 Ubuntu Linux, Fedora, Glibc and 2 more 2024-11-21 N/A
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-3074 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 9.8 Critical
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2016-3071 2 Fedoraproject, Libreswan 2 Fedora, Libreswan 2024-11-21 N/A
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.