National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:fedoraproject:fedora:25
There are 67 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Published: December 05, 2017; 11:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Published: September 13, 2017; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Published: August 23, 2017; 10:29:00 AM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-11368

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Published: August 09, 2017; 02:29:01 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: August 02, 2017; 03:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-5221

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: July 25, 2017; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

Published: July 06, 2017; 12:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-9961

game-music-emu before 0.6.1 mishandles unspecified integer values.

Published: June 06, 2017; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2016-9960

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

Published: June 06, 2017; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Published: June 01, 2017; 12:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2016-5178

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: May 23, 2017; 12:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-5177

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

Published: May 23, 2017; 12:29:01 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

Published: May 02, 2017; 10:59:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

Published: April 14, 2017; 02:59:00 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

Published: March 27, 2017; 01:59:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-5330

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

Published: March 27, 2017; 11:59:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.

Published: March 24, 2017; 11:59:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Published: March 23, 2017; 12:59:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-5849

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

Published: March 15, 2017; 03:59:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-7972

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Published: March 03, 2017; 11:59:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM