VYPR

Fedora

by Fedoraproject

CVEs (790)

  • CVE-2016-0720HigApr 21, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

  • CVE-2015-8567HigApr 13, 2017
    risk 0.50cvss 7.7epss 0.06

    Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2023-43615HigOct 7, 2023
    risk 0.49cvss 7.5epss 0.01

    Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

  • CVE-2023-25136MedFeb 3, 2023
    risk 0.49cvss 6.5epss 0.90

    OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd…

  • CVE-2022-3786HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.91

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue…

  • CVE-2022-3602HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.90

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to…

  • CVE-2022-29145HigMay 10, 2022
    risk 0.49cvss 7.5epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-29117HigMay 10, 2022
    risk 0.49cvss 7.5epss 0.05

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2022-24464HigMar 9, 2022
    risk 0.49cvss 7.5epss 0.03

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2021-45450HigDec 21, 2021
    risk 0.49cvss 7.5epss 0.01

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2020-11022MedApr 29, 2020
    risk 0.49cvss 6.9epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2015-8008HigDec 29, 2017
    risk 0.49cvss 7.5epss 0.03

    The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

  • CVE-2014-8119HigDec 29, 2017
    risk 0.49cvss 7.5epss 0.03

    The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

  • CVE-2015-1854HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.02

    389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

  • CVE-2017-6362HigSep 7, 2017
    risk 0.49cvss 7.5epss 0.05

    Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

  • CVE-2015-5705HigSep 6, 2017
    risk 0.49cvss 7.5epss 0.03

    Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

  • CVE-2017-13752HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13751HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13750HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

  • CVE-2017-13749HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Page 9 of 40