Filtered by vendor Fedoraproject
Subscriptions
Total
5439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1027 | 2 Fedoraproject, Lars Hjemli | 2 Fedora, Cgit | 2025-04-11 | N/A |
| Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence. | ||||
| CVE-2011-4107 | 3 Debian, Fedoraproject, Phpmyadmin | 3 Debian Linux, Fedora, Phpmyadmin | 2025-04-11 | 6.5 Medium |
| The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2010-4249 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. | ||||
| CVE-2012-1146 | 3 Fedoraproject, Linux, Suse | 5 Fedora, Linux Kernel, Linux Enterprise Desktop and 2 more | 2025-04-11 | 5.5 Medium |
| The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. | ||||
| CVE-2011-2192 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2025-04-11 | N/A |
| The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | ||||
| CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2025-04-11 | N/A |
| denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | ||||
| CVE-2010-4744 | 2 Fedoraproject, Moinejf | 2 Fedora, Abcm2ps | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. | ||||
| CVE-2013-4345 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. | ||||
| CVE-2010-3874 | 6 Debian, Fedoraproject, Linux and 3 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. | ||||
| CVE-2010-4341 | 3 Fedorahosted, Fedoraproject, Redhat | 3 Sssd, Sssd, Enterprise Linux | 2025-04-11 | N/A |
| The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. | ||||
| CVE-2010-4204 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2025-04-11 | 9.8 Critical |
| WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2010-4197 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2025-04-11 | 9.8 Critical |
| Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | ||||
| CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2025-04-11 | N/A |
| plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||||
| CVE-2010-4169 | 5 Fedoraproject, Linux, Opensuse and 2 more | 8 Fedora, Linux Kernel, Opensuse and 5 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. | ||||
| CVE-2010-4162 | 5 Fedoraproject, Linux, Opensuse and 2 more | 9 Fedora, Linux Kernel, Opensuse and 6 more | 2025-04-11 | N/A |
| Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. | ||||
| CVE-2010-4001 | 2 Fedoraproject, Gromacs | 2 Fedora, Gromacs | 2025-04-11 | N/A |
| GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script | ||||
| CVE-2010-3705 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-11 | N/A |
| The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. | ||||
| CVE-2014-1481 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-11 | 7.5 High |
| Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. | ||||
| CVE-2011-1783 | 6 Apache, Apple, Canonical and 3 more | 6 Subversion, Mac Os X, Ubuntu Linux and 3 more | 2025-04-11 | N/A |
| The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. | ||||
| CVE-2014-0019 | 3 Dest-unreach, Fedoraproject, Opensuse | 3 Socat, Fedora, Opensuse | 2025-04-11 | N/A |
| Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. | ||||