Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4008 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | |||||
CVE-2016-4002 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | |||||
CVE-2016-4001 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 8.6 HIGH |
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. | |||||
CVE-2016-3960 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | |||||
CVE-2016-3959 | 3 Fedoraproject, Golang, Opensuse | 3 Fedora, Go, Leap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | |||||
CVE-2016-3720 | 2 Fasterxml, Fedoraproject | 2 Jackson-dataformat-xml, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-3704 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | |||||
CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
CVE-2016-3674 | 3 Debian, Fedoraproject, Xstream Project | 3 Debian Linux, Fedora, Xstream | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. | |||||
CVE-2016-3630 | 5 Debian, Fedoraproject, Mercurial and 2 more | 7 Debian Linux, Fedora, Mercurial and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | |||||
CVE-2016-3320 | 2 Fedoraproject, Microsoft | 5 Fedora, Windows 10, Windows 8.1 and 2 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." | |||||
CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2024-11-21 | 1.7 LOW | 3.8 LOW |
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-11-21 | 1.7 LOW | 3.8 LOW |
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
CVE-2016-3144 | 2 Fedoraproject, Fourkitchens | 2 Fedora, Block Class | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | |||||
CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | |||||
CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | |||||
CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
CVE-2016-3075 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Glibc and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |||||
CVE-2016-3074 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. |