VYPR

Vendor CVEs

Fedoraproject

All CVEs

833 total · sorted by risk
  • CVE-2019-12098HigMay 15, 2019
    risk 0.41cvss 7.4epss 0.02

    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

  • CVE-2016-4008MedMay 5, 2016
    risk 0.41cvss 5.9epss 0.30

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

  • CVE-2016-4482MedMay 23, 2016
    risk 0.40cvss 6.2epss 0.01

    The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

  • CVE-2016-0725MedFeb 22, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search…

  • CVE-2016-1926MedJan 26, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

  • CVE-2014-1530MedApr 30, 2014
    risk 0.40cvss 6.1epss 0.02

    The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks,…

  • CVE-2008-2951MedJul 27, 2008
    risk 0.40cvss 6.1epss 0.02

    Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

  • CVE-2023-48795MedDec 18, 2023
    risk 0.39cvss 5.9epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2023-4806MedSep 18, 2023
    risk 0.39cvss 5.9epss 0.01

    A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and…

  • CVE-2015-3229MedOct 16, 2017
    risk 0.39cvss 5.9epss 0.02

    fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.

  • CVE-2015-3420MedSep 19, 2017
    risk 0.39cvss 5.9epss 0.03

    The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

  • CVE-2015-7977MedJan 30, 2017
    risk 0.39cvss 5.9epss 0.06

    ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

  • CVE-2016-4037MedMay 23, 2016
    risk 0.39cvss 6.0epss 0.00

    The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

  • CVE-2016-0787MedApr 13, 2016
    risk 0.39cvss 5.9epss 0.03

    The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

  • CVE-2016-0739MedApr 13, 2016
    risk 0.39cvss 5.9epss 0.02

    libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified…

  • CVE-2016-2316MedFeb 22, 2016
    risk 0.39cvss 5.9epss 0.05

    chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to…

  • CVE-2016-1231MedJan 12, 2016
    risk 0.39cvss 5.9epss 0.03

    Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

  • CVE-2013-6673MedDec 11, 2013
    risk 0.39cvss 5.9epss 0.03

    Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic…

  • CVE-2011-4107MedNov 17, 2011
    risk 0.39cvss 6.5epss 0.13

    The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external…

  • CVE-2009-3621MedOct 22, 2009
    risk 0.39cvss 5.5epss 0.01

    net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect…

  • CVE-2008-4989MedNov 13, 2008
    risk 0.39cvss 5.9epss 0.02

    The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed…

  • CVE-2020-1971MedDec 8, 2020
    risk 0.38cvss 5.9epss 0.07

    The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This…

  • CVE-2016-6225MedMar 23, 2017
    risk 0.38cvss 5.9epss 0.01

    xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack.…

  • CVE-2016-6153MedSep 26, 2016
    risk 0.38cvss 5.9epss 0.00

    os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current…

  • CVE-2015-3195MedDec 6, 2015
    risk 0.38cvss 5.3epss 0.39

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information…

  • CVE-2024-27834MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

  • CVE-2024-27013MedMay 1, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents.…

  • CVE-2024-27004MedMay 1, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted…

  • CVE-2020-28941MedNov 19, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line…

  • CVE-2015-5203MedAug 2, 2017
    risk 0.36cvss 5.5epss 0.02

    Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2016-3696MedJun 13, 2017
    risk 0.36cvss 5.5epss 0.00

    The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

  • CVE-2016-3095MedJun 8, 2017
    risk 0.36cvss 5.5epss 0.00

    server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

  • CVE-2016-9960MedJun 6, 2017
    risk 0.36cvss 5.5epss 0.01

    game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

  • CVE-2016-8884MedMar 28, 2017
    risk 0.36cvss 5.5epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-8887MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.02

    The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2017-5849MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.02

    tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

  • CVE-2017-6314MedMar 10, 2017
    risk 0.36cvss 5.5epss 0.02

    The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

  • CVE-2017-6312MedMar 10, 2017
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

  • CVE-2016-8692MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

  • CVE-2016-8691MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

  • CVE-2016-8690MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

  • CVE-2016-4797MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

  • CVE-2016-4796MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.04

    Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

  • CVE-2016-8569MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

  • CVE-2016-8568MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

  • CVE-2016-6494MedOct 3, 2016
    risk 0.36cvss 5.5epss 0.00

    The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

  • CVE-2015-8808MedJul 13, 2016
    risk 0.36cvss 5.5epss 0.02

    The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

  • CVE-2015-7555MedApr 13, 2016
    risk 0.36cvss 5.5epss 0.01

    Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.

  • CVE-2016-2166MedApr 12, 2016
    risk 0.36cvss 6.5epss 0.04

    The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow…

  • CVE-2012-5656MedJan 18, 2013
    risk 0.36cvss 5.5epss 0.01

    The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Page 7 of 17