Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:23
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-0721 |
Session fixation vulnerability in pcsd in pcs before 0.9.157. Published: April 21, 2017; 11:59:00 AM -0400 |
V3.0: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2016-0720 |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Published: April 21, 2017; 11:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-6299 |
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. Published: April 14, 2017; 2:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-8567 |
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Published: April 13, 2017; 1:59:00 PM -0400 |
V3.1: 7.7 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-1839 |
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Published: April 13, 2017; 10:59:00 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2015-1838 |
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Published: April 13, 2017; 10:59:00 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2016-8884 |
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. Published: March 28, 2017; 10:59:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-9243 |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Published: March 27, 2017; 1:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-8887 |
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). Published: March 23, 2017; 2:59:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7972 |
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Published: March 03, 2017; 11:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-7970 |
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Published: March 03, 2017; 11:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-7969 |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Published: March 03, 2017; 11:59:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9400 |
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. Published: February 22, 2017; 11:59:00 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-6233 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. Published: February 16, 2017; 9:59:13 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-4861 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. Published: February 16, 2017; 9:59:13 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-8693 |
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. Published: February 15, 2017; 2:59:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-8690 |
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. Published: February 15, 2017; 2:59:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4797 |
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. Published: February 03, 2017; 11:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4796 |
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Published: February 03, 2017; 11:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-9108 |
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |