Total
5283 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
CVE-2017-5849 | 2 Fedoraproject, Netpbm Project | 2 Fedora, Netpbm | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. | |||||
CVE-2016-8690 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | |||||
CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 13 Debian Linux, Fedora, Ntp and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |||||
CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
CVE-2015-1854 | 2 Debian, Fedoraproject | 3 Debian Linux, 389 Directory Server, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | |||||
CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-9637 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Patch and 1 more | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||||
CVE-2016-9400 | 2 Fedoraproject, Teeworlds | 2 Fedora, Teeworlds | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | |||||
CVE-2016-9399 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Leap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. | |||||
CVE-2016-9108 | 2 Artifex, Fedoraproject | 2 Mujs, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. | |||||
CVE-2013-7459 | 2 Dlitz, Fedoraproject | 2 Pycrypto, Fedora | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | |||||
CVE-2016-9243 | 3 Canonical, Cryptography.io, Fedoraproject | 3 Ubuntu Linux, Cryptography, Fedora | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | |||||
CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||||
CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
CVE-2016-6225 | 3 Fedoraproject, Opensuse, Percona | 3 Fedora, Leap, Xtrabackup | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. | |||||
CVE-2017-8932 | 4 Fedoraproject, Golang, Novell and 1 more | 4 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | |||||
CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | |||||
CVE-2016-9960 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | |||||
CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |