Filtered by vendor Fedoraproject
Subscribe
Total
5385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6323 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Glibc, Opensuse | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. | |||||
| CVE-2016-6185 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | |||||
| CVE-2016-6233 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | |||||
| CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-6153 | 3 Fedoraproject, Opensuse, Sqlite | 3 Fedora, Leap, Sqlite | 2023-11-07 | 4.6 MEDIUM | 5.9 MEDIUM |
| os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | |||||
| CVE-2016-5407 | 2 Fedoraproject, X.org | 2 Fedora, Libxv | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | |||||
| CVE-2016-6254 | 3 Collectd, Debian, Fedoraproject | 3 Collectd, Debian Linux, Fedora | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. | |||||
| CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2016-4544 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Leap and 2 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2016-4609 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. | |||||
| CVE-2016-4539 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. | |||||
| CVE-2016-4542 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2016-4541 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2016-4861 | 2 Fedoraproject, Zend | 2 Fedora, Zend Framework | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | |||||
| CVE-2016-4608 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | |||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
| CVE-2016-4540 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2016-3075 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Glibc and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | |||||
| CVE-2016-3959 | 3 Fedoraproject, Golang, Opensuse | 3 Fedora, Go, Leap | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | |||||
| CVE-2016-4538 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. | |||||