National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:fedoraproject:fedora:23
There are 148 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-8008

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Published: December 29, 2017; 05:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-7687

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

Published: October 16, 2017; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

Published: August 24, 2017; 04:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 3.5 LOW
CVE-2015-5258

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

Published: August 22, 2017; 02:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2015-6816

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

Published: August 09, 2017; 02:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: August 02, 2017; 03:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: July 25, 2017; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Published: July 21, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

Published: June 13, 2017; 01:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-2173

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Published: April 21, 2017; 04:59:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157.

Published: April 21, 2017; 11:59:00 AM -04:00
V3: 8.1 HIGH
V2: 4.3 MEDIUM
CVE-2016-0720

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Published: April 21, 2017; 11:59:00 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

Published: April 14, 2017; 02:59:00 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

Published: April 13, 2017; 01:59:00 PM -04:00
V3: 7.7 HIGH
V2: 6.8 MEDIUM
CVE-2015-1839

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Published: April 13, 2017; 10:59:00 AM -04:00
V3: 5.3 MEDIUM
V2: 4.6 MEDIUM
CVE-2015-1838

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Published: April 13, 2017; 10:59:00 AM -04:00
V3: 5.3 MEDIUM
V2: 4.6 MEDIUM
CVE-2016-8884

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

Published: March 28, 2017; 10:59:00 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

Published: March 23, 2017; 02:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM