Lucene search

K
FedoraprojectFedora

5307 matches found

CVE
CVE
added 2016/06/13 7:59 p.m.51 views

CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

7.5CVSS7.1AI score0.02898EPSS
CVE
CVE
added 2019/11/27 4:15 p.m.51 views

CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

2.5CVSS3.8AI score0.00129EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.51 views

CVE-2016-9085

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

3.3CVSS4AI score0.00105EPSS
CVE
CVE
added 2017/03/23 6:59 p.m.51 views

CVE-2016-9397

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

7.5CVSS7AI score0.01797EPSS
CVE
CVE
added 2017/08/29 6:29 a.m.51 views

CVE-2017-13747

There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5CVSS7.1AI score0.0101EPSS
CVE
CVE
added 2017/08/29 6:29 a.m.51 views

CVE-2017-13750

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

7.5CVSS7.1AI score0.01636EPSS
CVE
CVE
added 2019/01/15 9:29 p.m.51 views

CVE-2019-0001

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...

7.5CVSS7.5AI score0.0066EPSS
CVE
CVE
added 2019/02/08 11:29 a.m.51 views

CVE-2019-7639

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.

8.1CVSS7.8AI score0.0035EPSS
CVE
CVE
added 2019/02/17 2:29 a.m.51 views

CVE-2019-8376

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly ha...

7.8CVSS7.8AI score0.00214EPSS
CVE
CVE
added 2020/12/18 8:15 a.m.51 views

CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

6.1CVSS5.9AI score0.00397EPSS
CVE
CVE
added 2020/12/31 10:15 a.m.51 views

CVE-2020-35884

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.

6.5CVSS6.2AI score0.00239EPSS
CVE
CVE
added 2021/08/11 1:15 p.m.51 views

CVE-2021-0004

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.

4.4CVSS4.6AI score0.00135EPSS
CVE
CVE
added 2023/04/12 5:15 p.m.51 views

CVE-2023-0004

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.

6.5CVSS6.3AI score0.00433EPSS
CVE
CVE
added 2023/09/05 7:15 a.m.51 views

CVE-2023-41909

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

7.5CVSS8AI score0.00078EPSS
CVE
CVE
added 2023/10/31 5:15 p.m.51 views

CVE-2023-43796

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96....

5.3CVSS5AI score0.00167EPSS
CVE
CVE
added 2024/02/20 4:15 p.m.51 views

CVE-2024-23305

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.5AI score0.00644EPSS
CVE
CVE
added 2024/08/02 9:16 p.m.51 views

CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources unti...

7.7CVSS5.1AI score0.00232EPSS
CVE
CVE
added 2011/02/18 5:0 p.m.50 views

CVE-2010-3441

Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.

7.5CVSS7.8AI score0.05368EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.50 views

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

4.3CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2013/11/18 2:55 a.m.50 views

CVE-2013-2032

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

5CVSS7.5AI score0.01057EPSS
CVE
CVE
added 2019/11/04 9:15 p.m.50 views

CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

9.8CVSS9.2AI score0.01166EPSS
CVE
CVE
added 2013/12/24 6:55 p.m.50 views

CVE-2013-4550

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a dif...

5.1CVSS6.6AI score0.01003EPSS
CVE
CVE
added 2020/01/28 3:15 p.m.50 views

CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

7.5CVSS7.1AI score0.01988EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.50 views

CVE-2018-17825

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

9.8CVSS9.4AI score0.0049EPSS
CVE
CVE
added 2019/02/17 2:29 a.m.50 views

CVE-2019-8381

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impac...

7.8CVSS6.7AI score0.0023EPSS
CVE
CVE
added 2021/03/03 6:15 p.m.50 views

CVE-2020-28591

An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

8.6CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.50 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using...

6CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2022/03/10 5:42 p.m.50 views

CVE-2021-34338

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

6.5CVSS6.4AI score0.00226EPSS
CVE
CVE
added 2022/01/13 1:15 a.m.50 views

CVE-2022-0196

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.9AI score0.00148EPSS
CVE
CVE
added 2014/01/13 9:55 p.m.49 views

CVE-2010-0746

Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.

6.2CVSS6.9AI score0.00025EPSS
CVE
CVE
added 2010/11/06 12:0 a.m.49 views

CVE-2010-4198

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

8.8CVSS9.1AI score0.01284EPSS
CVE
CVE
added 2019/11/14 5:15 p.m.49 views

CVE-2012-1170

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

7.5CVSS7.5AI score0.00467EPSS
CVE
CVE
added 2012/11/20 12:55 a.m.49 views

CVE-2012-3354

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

4.3CVSS6.1AI score0.00546EPSS
CVE
CVE
added 2014/06/02 3:55 p.m.49 views

CVE-2013-2014

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

5CVSS6.5AI score0.0276EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.49 views

CVE-2014-1527

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

5CVSS8.8AI score0.00846EPSS
CVE
CVE
added 2014/10/13 1:55 a.m.49 views

CVE-2014-1571

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

4CVSS5.6AI score0.00574EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.49 views

CVE-2014-1685

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

5.5CVSS9.1AI score0.00394EPSS
CVE
CVE
added 2015/03/30 2:59 p.m.49 views

CVE-2015-1827

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

5CVSS6.3AI score0.01175EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.49 views

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

4.7CVSS4.8AI score0.0011EPSS
CVE
CVE
added 2016/02/20 1:59 a.m.49 views

CVE-2016-2042

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

5.3CVSS5.1AI score0.00603EPSS
CVE
CVE
added 2021/11/03 5:15 p.m.49 views

CVE-2021-27836

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

6.5CVSS6AI score0.00421EPSS
CVE
CVE
added 2022/03/10 5:42 p.m.49 views

CVE-2021-34339

Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

6.5CVSS6.4AI score0.00226EPSS
CVE
CVE
added 2022/01/10 4:15 p.m.49 views

CVE-2022-0157

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4CVSS5.5AI score0.004EPSS
CVE
CVE
added 2023/09/05 10:15 p.m.49 views

CVE-2023-39358

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reports_user.php file. In ajax_get_...

8.8CVSS9AI score0.03993EPSS
CVE
CVE
added 2023/09/05 9:15 p.m.49 views

CVE-2023-39513

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti acco...

6.1CVSS6.6AI score0.00418EPSS
CVE
CVE
added 2008/07/18 4:41 p.m.48 views

CVE-2008-3220

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

4.3CVSS6.5AI score0.00393EPSS
CVE
CVE
added 2008/07/18 4:41 p.m.48 views

CVE-2008-3222

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

5.8CVSS6.2AI score0.00952EPSS
CVE
CVE
added 2009/06/03 5:0 p.m.48 views

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

4.3CVSS5.8AI score0.01916EPSS
CVE
CVE
added 2019/11/25 2:15 p.m.48 views

CVE-2012-5630

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

6.3CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2014/02/04 9:55 p.m.48 views

CVE-2014-0019

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

1.9CVSS6.4AI score0.00086EPSS
Total number of security vulnerabilities5307