Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:24
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-9243 |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Published: March 27, 2017; 1:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-8887 |
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). Published: March 23, 2017; 2:59:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6225 |
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. Published: March 23, 2017; 12:59:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5849 |
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. Published: March 15, 2017; 3:59:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7972 |
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Published: March 03, 2017; 11:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-7970 |
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Published: March 03, 2017; 11:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-7969 |
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Published: March 03, 2017; 11:59:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9956 |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. Published: February 22, 2017; 11:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6233 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. Published: February 16, 2017; 9:59:13 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-4861 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. Published: February 16, 2017; 9:59:13 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-6866 |
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. Published: February 15, 2017; 2:59:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-7459 |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Published: February 15, 2017; 10:59:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-4797 |
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. Published: February 03, 2017; 11:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4796 |
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Published: February 03, 2017; 11:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-9108 |
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9085 |
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-8569 |
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-8568 |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Published: February 03, 2017; 10:59:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7543 |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. Published: January 19, 2017; 3:59:00 PM -0500 |
V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2016-2090 |
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. Published: January 13, 2017; 11:59:00 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |