Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7201 4 Fedoraproject, Mozilla, Opensuse and 1 more 5 Fedora, Firefox, Leap and 2 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-6938 4 Fedoraproject, Ipython, Jupyter and 1 more 4 Fedora, Notebook, Notebook and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.
CVE-2015-6855 6 Arista, Canonical, Debian and 3 more 7 Eos, Ubuntu Linux, Debian Linux and 4 more 2024-11-21 7.5 High
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVE-2015-6816 2 Fedoraproject, Ganglia 2 Fedora, Ganglia-web 2024-11-21 N/A
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2024-11-21 3.5 Low
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-6665 3 Chaos Tool Suite Project, Drupal, Fedoraproject 3 Ctools, Drupal, Fedora 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.
CVE-2015-6566 2 Fedoraproject, Zarafa 2 Fedora, Zarafa Collaboration Platform 2024-11-21 N/A
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
CVE-2015-6524 2 Apache, Fedoraproject 2 Activemq, Fedora 2024-11-21 N/A
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
CVE-2015-5745 3 Arista, Fedoraproject, Qemu 3 Eos, Fedora, Qemu 2024-11-21 6.5 Medium
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVE-2015-5740 3 Fedoraproject, Golang, Redhat 7 Fedora, Go, Enterprise Linux and 4 more 2024-11-21 N/A
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
CVE-2015-5739 3 Fedoraproject, Golang, Redhat 7 Fedora, Go, Enterprise Linux and 4 more 2024-11-21 N/A
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."
CVE-2015-5705 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2024-11-21 N/A
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVE-2015-5704 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2024-11-21 N/A
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2015-5607 2 Fedoraproject, Ipython 2 Fedora, Ipython 2024-11-21 N/A
Cross-site request forgery in the REST API in IPython 2 and 3.
CVE-2015-5400 3 Debian, Fedoraproject, Squid-cache 3 Debian Linux, Fedora, Squid 2024-11-21 N/A
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-11-21 N/A
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2015-5295 4 Fedoraproject, Openstack, Oracle and 1 more 4 Fedora, Orchestration Api, Solaris and 1 more 2024-11-21 N/A
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
CVE-2015-5291 5 Arm, Debian, Fedoraproject and 2 more 6 Mbed Tls, Debian Linux, Fedora and 3 more 2024-11-21 N/A
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
CVE-2015-5278 4 Arista, Canonical, Fedoraproject and 1 more 4 Eos, Ubuntu Linux, Fedora and 1 more 2024-11-21 6.5 Medium
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-5262 3 Apache, Canonical, Fedoraproject 3 Httpclient, Ubuntu Linux, Fedora 2024-11-21 N/A
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.