Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 23 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-2146
The am_read_post_data function in mod_auth_mellon prior to 0.11.1 does not limit the amount of data read, which allows remote malicious users to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
Fedoraproject Fedora 23
Uninett Mod Auth Mellon
7.5
CVSSv3
CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x prior to 0.10.42, 0.11.6 up to and including 0.11.16, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allows remote malicious users to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unico...
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.11.7
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
Nodejs Node.js 0.11.6
Nodejs Node.js 0.11.14
Nodejs Node.js 0.10.25
Nodejs Node.js 0.10.14
26 Github repositories
1 Article
7.5
CVSSv3
CVE-2016-2086
Node.js 0.10.x prior to 0.10.42, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allow remote malicious users to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.11
Nodejs Node.js 4.0.0
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.4
Nodejs Node.js 0.12.4
Nodejs Node.js 0.10.41
Nodejs Node.js 0.10.20
Nodejs Node.js 0.10.18
Nodejs Node.js 0.10.39
Nodejs Node.js 0.10.29
Nodejs Node.js 5.2.0
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.2
Nodejs Node.js 5.5.0
Nodejs Node.js 0.10.30
Nodejs Node.js 0.12.7
Nodejs Node.js 0.10.25
Nodejs Node.js 0.10.14
Nodejs Node.js 4.1.1
Nodejs Node.js 4.2.3
Nodejs Node.js 5.4.0
1 Article
7.5
CVSSv3
CVE-2016-3125
The mod_tls module in ProFTPD prior to 1.3.5b and 1.3.6 prior to 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow malicious users to have unspecified impact via unkno...
Proftpd Proftpd
Proftpd Proftpd 1.3.6
Opensuse Opensuse 13.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
7.5
CVSSv3
CVE-2016-2041
libraries/common.inc.php in phpMyAdmin 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, and 4.5.x prior to 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote malicious users to bypass intended access restrictions by measurin...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 4.4.13.1
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.2
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.0.10.10
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.9
Phpmyadmin Phpmyadmin 4.0.10
Phpmyadmin Phpmyadmin 4.5.1
Phpmyadmin Phpmyadmin 4.0.10.4
Phpmyadmin Phpmyadmin 4.5.0.2
Phpmyadmin Phpmyadmin 4.4.8
Phpmyadmin Phpmyadmin 4.0.10.1
Phpmyadmin Phpmyadmin 4.5.2
Phpmyadmin Phpmyadmin 4.5.0
7.5
CVSSv3
CVE-2016-1232
The mod_dialback module in Prosody prior to 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for malicious users to spoof servers via a brute force attack.
Prosody Prosody 0.9.3
Prosody Prosody
Prosody Prosody 0.9.6
Prosody Prosody 0.9.5
Prosody Prosody 0.9.2
Prosody Prosody 0.9.7
Prosody Prosody 0.9.0
Prosody Prosody 0.9.4
Prosody Prosody 0.9.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Debian Debian Linux 8.0
Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2015-6855
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,...
Qemu Qemu
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Arista Eos -
7.4
CVSSv3
CVE-2015-8466
Swift3 prior to 1.9 allows remote malicious users to conduct replay attacks via an Authorization request that lacks a Date header.
Fedoraproject Fedora 23
Openstack Swift3
7.4
CVSSv3
CVE-2015-8400
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) prior to 2.19 makes it easier for remote malicious users to conduct DNS rebinding attacks via the "/plain" URL.
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Shellinabox Project Shellinabox
6.8
CVSSv3
CVE-2016-2312
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
Kde Kscreenlocker
Kde Plasma-workspace
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Leap 42.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »