Filtered by vendor Fedoraproject
Subscribe
Total
5124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8692 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | |||||
CVE-2016-2173 | 2 Fedoraproject, Vmware | 2 Fedora, Spring Advanced Message Queuing Protocol | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | |||||
CVE-2017-5849 | 2 Fedoraproject, Netpbm Project | 2 Fedora, Netpbm | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. | |||||
CVE-2016-2312 | 3 Fedoraproject, Kde, Opensuse | 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | |||||
CVE-2016-5178 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2016-6866 | 2 Fedoraproject, Suckless | 2 Fedora, Slock | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | |||||
CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
CVE-2016-9299 | 2 Fedoraproject, Jenkins | 2 Fedora, Jenkins | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | |||||
CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | |||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | |||||
CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-9398 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 6 Fedora, Jasper, Leap and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
CVE-2016-7951 | 2 Fedoraproject, X | 2 Fedora, Libxtst | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | |||||
CVE-2017-5884 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | |||||
CVE-2016-7946 | 2 Fedoraproject, X.org | 2 Fedora, Libxi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | |||||
CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||||
CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | |||||
CVE-2016-7943 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. |