Export limit exceeded: 351342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6866 | 2 Fedoraproject, Suckless | 2 Fedora, Slock | 2025-04-20 | N/A |
| slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | ||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2025-04-20 | N/A |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | ||||
| CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2025-04-20 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | ||||
| CVE-2016-7969 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2025-04-20 | 7.5 High |
| The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | ||||
| CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2025-04-20 | N/A |
| Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | ||||
| CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2025-04-20 | N/A |
| Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2016-5391 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2025-04-20 | N/A |
| libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). | ||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | N/A |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | ||||
| CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2025-04-20 | 9.8 Critical |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | N/A |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | ||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | ||||
| CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2025-04-20 | N/A |
| TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | ||||
| CVE-2016-3704 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2025-04-20 | N/A |
| Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | ||||
| CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | N/A |
| The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | ||||
| CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2025-04-20 | N/A |
| The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | ||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2025-04-20 | 7.5 High |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | ||||
| CVE-2015-5739 | 3 Fedoraproject, Golang, Redhat | 7 Fedora, Go, Enterprise Linux and 4 more | 2025-04-20 | N/A |
| The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | ||||
| CVE-2015-5203 | 5 Fedoraproject, Jasper Project, Opensuse and 2 more | 6 Fedora, Jasper, Leap and 3 more | 2025-04-20 | N/A |
| Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | ||||
| CVE-2015-7687 | 2 Fedoraproject, Openbsd | 2 Fedora, Opensmtpd | 2025-04-20 | N/A |
| Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | ||||
| CVE-2015-5070 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-20 | N/A |
| The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | ||||