Filtered by vendor Fedoraproject
Subscriptions
Total
5374 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8932 | 5 Fedoraproject, Golang, Novell and 2 more | 5 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-20 | N/A |
| A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | ||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 7 Ubuntu Linux, Fedora, Jasper and 4 more | 2025-04-20 | 7.5 High |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | ||||
| CVE-2017-6311 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2025-04-20 | 7.5 High |
| gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. | ||||
| CVE-2017-7551 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-20 | N/A |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | ||||
| CVE-2017-13748 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2025-04-20 | 7.5 High |
| There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | ||||
| CVE-2015-8567 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-20 | 7.7 High |
| Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13746 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13747 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13752 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | N/A |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | ||||
| CVE-2017-5885 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gtk-vnc, Enterprise Linux | 2025-04-20 | N/A |
| Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | ||||
| CVE-2016-9400 | 2 Fedoraproject, Teeworlds | 2 Fedora, Teeworlds | 2025-04-20 | 9.8 Critical |
| The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | ||||
| CVE-2017-1000001 | 1 Fedoraproject | 1 Fedmsg | 2025-04-20 | N/A |
| FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | ||||
| CVE-2017-12843 | 2 Cyrusimap, Fedoraproject | 2 Cyrus Imap, Fedora | 2025-04-20 | N/A |
| Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | ||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2025-04-20 | N/A |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | ||||
| CVE-2016-1254 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2025-04-20 | N/A |
| Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | ||||
| CVE-2016-6342 | 2 Elog Project, Fedoraproject | 2 Elog, Fedora | 2025-04-20 | 7.5 High |
| elog 3.1.1 allows remote attackers to post data as any username in the logbook. | ||||
| CVE-2016-8884 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. | ||||
| CVE-2016-3704 | 3 Fedoraproject, Pulpproject, Redhat | 4 Fedora, Pulp, Satellite and 1 more | 2025-04-20 | N/A |
| Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | ||||