Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5125 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1254 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-11-21 | N/A |
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | ||||
CVE-2016-1247 | 4 Canonical, Debian, F5 and 1 more | 4 Ubuntu Linux, Debian Linux, Nginx and 1 more | 2024-11-21 | 7.8 High |
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | ||||
CVE-2016-1238 | 5 Apache, Debian, Fedoraproject and 2 more | 5 Spamassassin, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.8 High |
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. | ||||
CVE-2016-1234 | 3 Fedoraproject, Gnu, Opensuse | 4 Fedora, Glibc, Leap and 1 more | 2024-11-21 | N/A |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | ||||
CVE-2016-1232 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2024-11-21 | N/A |
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. | ||||
CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2024-11-21 | N/A |
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. | ||||
CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 7.5 High |
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | ||||
CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2024-11-21 | N/A |
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | ||||
CVE-2016-10132 | 2 Artifex, Fedoraproject | 2 Mujs, Fedora | 2024-11-21 | N/A |
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | ||||
CVE-2016-10027 | 2 Fedoraproject, Igniterealtime | 2 Fedora, Smack | 2024-11-21 | 5.9 Medium |
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | ||||
CVE-2016-1000110 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Python and 2 more | 2024-11-21 | 6.1 Medium |
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. | ||||
CVE-2016-1000037 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Pagure | 2024-11-21 | 6.1 Medium |
Pagure: XSS possible in file attachment endpoint | ||||
CVE-2016-0787 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 5 Debian Linux, Fedora, Libssh2 and 2 more | 2024-11-21 | N/A |
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | ||||
CVE-2016-0753 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-11-21 | 5.3 Medium |
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | ||||
CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | N/A |
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | ||||
CVE-2016-0729 | 3 Fedoraproject, Redhat, Samsung | 3 Fedora, Enterprise Linux, X14j Firmware | 2024-11-21 | N/A |
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. | ||||
CVE-2016-0725 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. | ||||
CVE-2016-0724 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A |
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | ||||
CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-11-21 | N/A |
Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. |