VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2019-5436HigMay 28, 2019
    risk 0.52cvss 7.8epss 0.50

    A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

  • CVE-2016-2334HigDec 13, 2016
    risk 0.52cvss 7.8epss 0.15

    Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

  • CVE-2008-3282HigAug 29, 2008
    risk 0.52cvss 7.8epss 0.11

    Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2024-26988HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are…

  • CVE-2015-5704HigSep 25, 2017
    risk 0.51cvss 7.8epss 0.01

    scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

  • CVE-2016-6299HigApr 14, 2017
    risk 0.51cvss 7.8epss 0.02

    The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

  • CVE-2017-5330HigMar 27, 2017
    risk 0.51cvss 7.8epss 0.03

    ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

  • CVE-2017-5884HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

  • CVE-2016-8693HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

  • CVE-2016-5384HigAug 13, 2016
    risk 0.51cvss 7.8epss 0.00

    fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

  • CVE-2016-6185HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

  • CVE-2016-1238HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10)…

  • CVE-2015-8868HigMay 6, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState…

  • CVE-2015-8106HigApr 18, 2016
    risk 0.51cvss 7.8epss 0.04

    Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

  • CVE-2011-2520HigJul 21, 2011
    risk 0.51cvss 7.8epss 0.00

    fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

  • CVE-2009-3620HigOct 22, 2009
    risk 0.51cvss 7.8epss 0.00

    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges…

  • CVE-2009-0115HigMar 30, 2009
    risk 0.51cvss 7.8epss 0.00

    The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka…

  • CVE-2022-34169HigJul 19, 2022
    risk 0.50cvss 7.5epss 0.18

    The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update…

  • CVE-2022-0204HigMar 10, 2022
    risk 0.50cvss 8.8epss 0.02

    A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

  • CVE-2015-5607HigSep 20, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery in the REST API in IPython 2 and 3.

Page 8 of 40