Total
1959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9637 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Patch and 1 more | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||||
CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||||
CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
CVE-2017-12843 | 2 Cyrusimap, Fedoraproject | 2 Cyrus Imap, Fedora | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | |||||
CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
CVE-2015-5146 | 3 Debian, Fedoraproject, Ntp | 3 Debian Linux, Fedora, Ntp | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | |||||
CVE-2015-5203 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 5 Fedora, Jasper, Leap and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||||
CVE-2017-16818 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | |||||
CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
CVE-2016-4796 | 2 Fedoraproject, Uclouvain | 2 Fedora, Openjpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. | |||||
CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
CVE-2016-8691 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | |||||
CVE-2016-8884 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. | |||||
CVE-2015-1838 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||||
CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||||
CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | |||||
CVE-2016-8692 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | |||||
CVE-2017-5849 | 2 Fedoraproject, Netpbm Project | 2 Fedora, Netpbm | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. |