Search Results (5439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5258 2 Fedoraproject, Vmware 2 Fedora, Spring Social 2025-04-20 8.8 High
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVE-2015-5070 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-20 N/A
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
CVE-2015-4645 2 Fedoraproject, Squashfs Project 2 Fedora, Squashfs 2025-04-20 5.5 Medium
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
CVE-2015-7977 9 Canonical, Debian, Fedoraproject and 6 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-20 5.9 Medium
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVE-2016-3696 3 Fedoraproject, Pulpproject, Redhat 4 Fedora, Pulp, Satellite and 1 more 2025-04-20 N/A
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVE-2016-2090 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-20 9.8 Critical
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVE-2015-8567 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-20 7.7 High
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2016-9811 4 Debian, Fedoraproject, Gstreamer and 1 more 10 Debian Linux, Fedora, Gstreamer and 7 more 2025-04-20 4.7 Medium
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
CVE-2015-5195 5 Canonical, Debian, Fedoraproject and 2 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2025-04-20 N/A
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2017-11610 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Cloudforms and 2 more 2025-04-20 N/A
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVE-2016-9956 3 Debian, Fedoraproject, Flightgear 3 Debian Linux, Fedora, Flightgear 2025-04-20 N/A
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
CVE-2016-6342 2 Elog Project, Fedoraproject 2 Elog, Fedora 2025-04-20 7.5 High
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
CVE-2016-9243 3 Canonical, Cryptography.io, Fedoraproject 3 Ubuntu Linux, Cryptography, Fedora 2025-04-20 7.5 High
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2016-9085 2 Fedoraproject, Webmproject 2 Fedora, Libwebp 2025-04-20 3.3 Low
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
CVE-2017-11462 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2025-04-20 N/A
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2016-9299 2 Fedoraproject, Jenkins 2 Fedora, Jenkins 2025-04-20 N/A
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
CVE-2016-9108 2 Artifex, Fedoraproject 2 Mujs, Fedora 2025-04-20 7.5 High
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-8887 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 N/A
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2016-8884 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2025-04-20 N/A
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.