Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 3323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7459 2 Dlitz, Fedoraproject 2 Pycrypto, Fedora 2017-07-01 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
CVE-2013-2207 2 Fedoraproject, Gnu 2 Fedora, Glibc 2017-07-01 2.6 LOW N/A
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
CVE-2016-5391 2 Fedoraproject, Libreswan 2 Fedora, Libreswan 2017-06-21 5.0 MEDIUM 7.5 HIGH
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVE-2016-3095 2 Fedoraproject, Pulpproject 2 Fedora, Pulp 2017-06-15 2.1 LOW 5.5 MEDIUM
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVE-2016-0721 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2017-04-27 4.3 MEDIUM 8.1 HIGH
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2016-0720 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2017-04-27 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2016-6299 2 Fedoraproject, Mock Project 2 Fedora, Scm Plugin 2017-04-25 9.3 HIGH 7.8 HIGH
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
CVE-2015-1839 2 Fedoraproject, Saltstack 2 Fedora, Salt 2017-04-19 4.6 MEDIUM 5.3 MEDIUM
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-1838 2 Fedoraproject, Saltstack 2 Fedora, Salt 2017-04-19 4.6 MEDIUM 5.3 MEDIUM
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2017-5849 2 Fedoraproject, Netpbm Project 2 Fedora, Netpbm 2017-04-07 4.3 MEDIUM 5.5 MEDIUM
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
CVE-2016-9243 3 Canonical, Cryptography.io, Fedoraproject 3 Ubuntu Linux, Cryptography, Fedora 2017-04-04 5.0 MEDIUM 7.5 HIGH
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2017-5330 2 Fedoraproject, Kde 2 Fedora, Ark 2017-03-31 6.8 MEDIUM 7.8 HIGH
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVE-2016-10132 2 Artifex, Fedoraproject 2 Mujs, Fedora 2017-03-27 5.0 MEDIUM 7.5 HIGH
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
CVE-2016-7970 2 Fedoraproject, Libass Project 2 Fedora, Libass 2017-03-04 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2015-8836 2 Fedoraproject, Fuseiso Project 2 Fedora, Fuseiso 2017-02-19 6.8 MEDIUM 7.3 HIGH
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.
CVE-2017-5357 2 Fedoraproject, Gnu 2 Fedora, Ed 2017-02-17 5.0 MEDIUM 7.5 HIGH
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.
CVE-2016-6866 2 Fedoraproject, Suckless 2 Fedora, Slock 2017-02-17 5.0 MEDIUM 7.5 HIGH
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
CVE-2014-9527 2 Apache, Fedoraproject 2 Poi, Fedora 2017-02-11 5.0 MEDIUM N/A
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
CVE-2016-3071 2 Fedoraproject, Libreswan 2 Fedora, Libreswan 2017-02-07 5.0 MEDIUM 7.5 HIGH
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
CVE-2016-8606 2 Fedoraproject, Gnu 2 Fedora, Guile 2017-01-18 7.5 HIGH 9.8 CRITICAL
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.