Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 22 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-4668
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and previous versions, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote malicious users to bypass authentication via an empty password.
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 22
Mageia Project Mageia 4
Cherokee-project Cherokee 1.2.98
Cherokee-project Cherokee 1.2.2
Cherokee-project Cherokee 1.2.101
Cherokee-project Cherokee 1.2.99
Cherokee-project Cherokee
Cherokee-project Cherokee 1.2.102
5
CVSSv2
CVE-2015-3146
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh prior to 0.6.5 do not properly validate state, which allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Libssh Libssh
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Fedoraproject Fedora 22
1 Github repository
6.8
CVSSv2
CVE-2015-4491
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf prior to 2.31.5, as used in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 on Linux, Google Chrome on Linux, and other products, allows remote malicious users to execute arbitrar...
Gnome Gdk-pixbuf
Oracle Solaris 10
Oracle Solaris 11.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Fedoraproject Fedora 21
Fedoraproject Fedora 22
5
CVSSv2
CVE-2015-6855
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,...
Qemu Qemu
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Arista Eos -
4.3
CVSSv2
CVE-2015-8808
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote malicious users to cause a denial of service (uninitialized memory access) via a crafted GIF file.
Graphicsmagick Graphicsmagick
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Debuginfo 11
Suse Studio Onsite 1.3
Fedoraproject Fedora 22
4.9
CVSSv2
CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel prior to 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_i...
Linux Linux Kernel
Linux Linux Kernel 4.4
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
6.8
CVSSv2
CVE-2015-5234
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly sanitize applet URLs, which allows remote malicious users to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly relat...
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Server 6.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Redhat Icedtea
Redhat Icedtea 1.6
Fedoraproject Fedora 22
Fedoraproject Fedora 21
4.3
CVSSv2
CVE-2015-5235
IcedTea-Web prior to 1.5.3 and 1.6.x prior to 1.6.1 does not properly determine the origin of unsigned applets, which allows remote malicious users to bypass the approval process or trick users into approving applet execution via a crafted web page.
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Hpc Node 6
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Redhat Icedtea
Redhat Icedtea 1.6
5
CVSSv2
CVE-2015-2080
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote malicious users to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Fedoraproject Fedora 22
Eclipse Jetty 9.3.0
Eclipse Jetty 9.2.3
Eclipse Jetty 9.2.8
Eclipse Jetty 9.2.5
Eclipse Jetty 9.2.4
Eclipse Jetty 9.2.7
Eclipse Jetty 9.2.6
1 EDB exploit
5
CVSSv2
CVE-2016-1232
The mod_dialback module in Prosody prior to 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for malicious users to spoof servers via a brute force attack.
Prosody Prosody 0.9.6
Prosody Prosody 0.9.4
Prosody Prosody 0.9.3
Prosody Prosody 0.9.2
Prosody Prosody 0.9.1
Prosody Prosody 0.9.0
Prosody Prosody
Prosody Prosody 0.9.7
Prosody Prosody 0.9.5
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Debian Debian Linux 8.0
Debian Debian Linux 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »