Search Results (5376 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5705 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2025-04-20 N/A
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVE-2015-5704 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2025-04-20 N/A
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2015-5607 2 Fedoraproject, Ipython 2 Fedora, Ipython 2025-04-20 N/A
Cross-site request forgery in the REST API in IPython 2 and 3.
CVE-2015-5258 2 Fedoraproject, Vmware 2 Fedora, Spring Social 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVE-2017-1000050 4 Canonical, Fedoraproject, Jasper Project and 1 more 7 Ubuntu Linux, Fedora, Jasper and 4 more 2025-04-20 7.5 High
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2015-5146 3 Debian, Fedoraproject, Ntp 3 Debian Linux, Fedora, Ntp 2025-04-20 N/A
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVE-2015-5070 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-20 N/A
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2025-04-20 5.9 Medium
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2015-4645 2 Fedoraproject, Squashfs Project 2 Fedora, Squashfs 2025-04-20 5.5 Medium
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
CVE-2015-5069 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-20 N/A
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
CVE-2015-1839 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 N/A
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2016-2090 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-20 9.8 Critical
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVE-2015-5195 5 Canonical, Debian, Fedoraproject and 2 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2025-04-20 N/A
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-20 7.7 High
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2016-9960 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2025-04-20 N/A
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2016-9956 3 Debian, Fedoraproject, Flightgear 3 Debian Linux, Fedora, Flightgear 2025-04-20 N/A
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
CVE-2016-9961 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2025-04-20 N/A
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-8691 4 Debian, Fedoraproject, Jasper Project and 1 more 4 Debian Linux, Fedora, Jasper and 1 more 2025-04-20 N/A
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2015-1854 3 Debian, Fedoraproject, Redhat 4 Debian Linux, 389 Directory Server, Fedora and 1 more 2025-04-20 N/A
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVE-2016-9811 4 Debian, Fedoraproject, Gstreamer and 1 more 10 Debian Linux, Fedora, Gstreamer and 7 more 2025-04-20 4.7 Medium
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.