Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 2132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6299 2 Fedoraproject, Mock Project 2 Fedora, Scm Plugin 2023-12-10 9.3 HIGH 7.8 HIGH
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
CVE-2016-10132 2 Artifex, Fedoraproject 2 Mujs, Fedora 2023-12-10 5.0 MEDIUM 7.5 HIGH
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
CVE-2016-9446 3 Fedoraproject, Gstreamer Project, Redhat 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2016-7970 2 Fedoraproject, Libass Project 2 Fedora, Libass 2023-12-10 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-7972 3 Fedoraproject, Libass Project, Opensuse 4 Fedora, Libass, Leap and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
CVE-2016-7952 2 Fedoraproject, X.org 2 Fedora, Libxtst 2023-12-10 5.0 MEDIUM 7.5 HIGH
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2023-12-10 5.0 MEDIUM 7.5 HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-5357 2 Fedoraproject, Gnu 2 Fedora, Ed 2023-12-10 5.0 MEDIUM 7.5 HIGH
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
CVE-2017-5330 2 Fedoraproject, Kde 2 Fedora, Ark 2023-12-10 6.8 MEDIUM 7.8 HIGH
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVE-2016-6866 2 Fedoraproject, Suckless 2 Fedora, Slock 2023-12-10 5.0 MEDIUM 7.5 HIGH
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
CVE-2016-0720 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2023-12-10 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2014-9114 3 Fedoraproject, Kernel, Opensuse 3 Fedora, Util-linux, Opensuse 2023-12-10 7.2 HIGH 7.8 HIGH
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
CVE-2016-5177 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-9398 4 Fedoraproject, Jasper Project, Opensuse and 1 more 6 Fedora, Jasper, Leap and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-5884 2 Fedoraproject, Gnome 2 Fedora, Gtk-vnc 2023-12-10 6.8 MEDIUM 7.8 HIGH
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2016-7946 2 Fedoraproject, X.org 2 Fedora, Libxi 2023-12-10 5.0 MEDIUM 7.5 HIGH
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
CVE-2017-6313 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2023-12-10 5.8 MEDIUM 7.1 HIGH
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2016-9399 3 Fedoraproject, Jasper Project, Opensuse 3 Fedora, Jasper, Leap 2023-12-10 5.0 MEDIUM 7.5 HIGH
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9243 3 Canonical, Cryptography.io, Fedoraproject 3 Ubuntu Linux, Cryptography, Fedora 2023-12-10 5.0 MEDIUM 7.5 HIGH
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2016-2334 3 7-zip, Fedoraproject, Oracle 3 7-zip, Fedora, Solaris 2023-12-10 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.