Filtered by vendor Fedoraproject
Subscriptions
Total
5415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1321 | 8 Canonical, Debian, Fedoraproject and 5 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-11 | N/A |
| The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||||
| CVE-2010-0302 | 4 Apple, Canonical, Fedoraproject and 1 more | 10 Cups, Mac Os X, Mac Os X Server and 7 more | 2025-04-11 | 7.5 High |
| Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | ||||
| CVE-2013-4854 | 10 Fedoraproject, Freebsd, Hp and 7 more | 12 Fedora, Freebsd, Hp-ux and 9 more | 2025-04-11 | N/A |
| The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | ||||
| CVE-2013-4283 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. | ||||
| CVE-2012-3504 | 1 Fedoraproject | 1 Crypto-utils | 2025-04-11 | N/A |
| The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | ||||
| CVE-2013-4345 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. | ||||
| CVE-2012-4528 | 3 Fedoraproject, Opensuse, Trustwave | 3 Fedora, Opensuse, Modsecurity | 2025-04-11 | N/A |
| The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. | ||||
| CVE-2014-0019 | 3 Dest-unreach, Fedoraproject, Opensuse | 3 Socat, Fedora, Opensuse | 2025-04-11 | N/A |
| Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. | ||||
| CVE-2012-1146 | 3 Fedoraproject, Linux, Suse | 5 Fedora, Linux Kernel, Linux Enterprise Desktop and 2 more | 2025-04-11 | 5.5 Medium |
| The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. | ||||
| CVE-2011-0495 | 3 Debian, Digium, Fedoraproject | 6 Debian Linux, Asterisk, Asterisknow and 3 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | ||||
| CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2025-04-11 | N/A |
| MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | ||||
| CVE-2013-6672 | 7 Canonical, Fedoraproject, Linux and 4 more | 10 Ubuntu Linux, Fedora, Linux Kernel and 7 more | 2025-04-11 | N/A |
| Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | ||||
| CVE-2013-5619 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2025-04-11 | N/A |
| Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2013-5610 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 9 Ubuntu Linux, Fedora, Firefox and 6 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-0237 | 3 Fedoraproject, Moxiecode, Wordpress | 3 Fedora, Plupload, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2013-4589 | 3 Fedoraproject, Graphicsmagick, Novell | 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-11 | N/A |
| The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. | ||||
| CVE-2013-4550 | 2 Duckcorp, Fedoraproject | 2 Bip, Fedora | 2025-04-11 | N/A |
| Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2013-2207 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2025-04-11 | N/A |
| pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | ||||
| CVE-2013-2191 | 3 Fedoraproject, Opensuse, Python Bugzilla Project | 3 Fedora, Opensuse, Python-bugzilla | 2025-04-11 | N/A |
| python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | ||||