Fedora

by Fedoraproject

CVEs (790)

  • CVE-2016-6866 | High | Feb 15, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

  • CVE-2016-9108 | High | Feb 3, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

  • CVE-2016-9446 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

  • CVE-2015-8854 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

  • CVE-2016-7952 | High | Dec 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

  • CVE-2016-7946 | High | Dec 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

  • CVE-2016-7945 | High | Dec 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

  • CVE-2016-6323 | High | Oct 7, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by…

  • CVE-2016-3110 | High | Sep 26, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

  • CVE-2016-5244 | High | Jun 27, 2016
    risk 0.49 | cvss 7.5 | epss 0.06

    The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

  • CVE-2016-4414 | High | Jun 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

  • CVE-2016-3075 | High | Jun 1, 2016
    risk 0.49 | cvss 7.5 | epss 0.07

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-1234 | High | Jun 1, 2016
    risk 0.49 | cvss 7.5 | epss 0.05

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2016-4021 | High | May 26, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

  • CVE-2015-8853 | High | May 25, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

  • CVE-2016-3959 | High | May 23, 2016
    risk 0.49 | cvss 7.5 | epss 0.04

    The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that…

  • CVE-2016-2850 | High | May 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

  • CVE-2016-2849 | High | May 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

  • CVE-2015-7827 | High | May 13, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

  • CVE-2016-3071 | High | Apr 18, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
