Fedora
CVEs (790)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7687 |  | Cri | 0.64 | 9.8 | 0.04 |  | Oct 16, 2017 | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. |
| CVE-2017-12170 |  | Cri | 0.64 | 9.8 | 0.02 |  | Sep 21, 2017 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding… |
| CVE-2017-11462 |  | Cri | 0.64 | 9.8 | 0.05 |  | Sep 13, 2017 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. |
| CVE-2015-6816 |  | Cri | 0.64 | 9.8 | 0.04 |  | Aug 9, 2017 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. |
| CVE-2016-9961 |  | Cri | 0.64 | 9.8 | 0.04 |  | Jun 6, 2017 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
| CVE-2016-5178 |  | Cri | 0.64 | 9.8 | 0.02 |  | May 23, 2017 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2016-10243 |  | Cri | 0.64 | 9.8 | 0.07 |  | May 2, 2017 | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. |
| CVE-2016-2173 |  | Cri | 0.64 | 9.8 | 0.06 |  | Apr 21, 2017 | org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. |
| CVE-2017-5885 |  | Cri | 0.64 | 9.8 | 0.05 |  | Feb 28, 2017 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a… |
| CVE-2016-9400 |  | Cri | 0.64 | 9.8 | 0.04 |  | Feb 22, 2017 | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. |
| CVE-2016-6233 |  | Cri | 0.64 | 9.8 | 0.02 |  | Feb 17, 2017 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. |
| CVE-2016-4861 |  | Cri | 0.64 | 9.8 | 0.04 |  | Feb 17, 2017 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. |
| CVE-2016-2090 |  | Cri | 0.64 | 9.8 | 0.03 |  | Jan 13, 2017 | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. |
| CVE-2016-8606 |  | Cri | 0.64 | 9.8 | 0.04 |  | Jan 12, 2017 | The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. |
| CVE-2016-7953 |  | Cri | 0.64 | 9.8 | 0.03 |  | Dec 13, 2016 | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. |
| CVE-2016-7951 |  | Cri | 0.64 | 9.8 | 0.02 |  | Dec 13, 2016 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. |
| CVE-2016-7950 |  | Cri | 0.64 | 9.8 | 0.03 |  | Dec 13, 2016 | The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. |
| CVE-2016-7949 |  | Cri | 0.64 | 9.8 | 0.04 |  | Dec 13, 2016 | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. |
| CVE-2016-7948 |  | Cri | 0.64 | 9.8 | 0.04 |  | Dec 13, 2016 | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. |
| CVE-2016-7947 |  | Cri | 0.64 | 9.8 | 0.04 |  | Dec 13, 2016 | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. |