Filtered by vendor Fedoraproject
Subscribe
Total
5385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8691 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | |||||
| CVE-2016-8692 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | |||||
| CVE-2016-8690 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. | |||||
| CVE-2016-9013 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. | |||||
| CVE-2016-8569 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | |||||
| CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
| CVE-2016-8887 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). | |||||
| CVE-2016-9085 | 2 Fedoraproject, Webmproject | 2 Fedora, Libwebp | 2023-11-07 | 2.1 LOW | 3.3 LOW |
| Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-8568 | 4 Fedoraproject, Libgit2 Project, Opensuse and 1 more | 5 Fedora, Libgit2, Leap and 2 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | |||||
| CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
| CVE-2016-7944 | 2 Fedoraproject, X.org | 2 Fedora, Libxfixes | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. | |||||
| CVE-2016-7970 | 2 Fedoraproject, Libass Project | 2 Fedora, Libass | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2016-7953 | 2 Fedoraproject, X.org | 2 Fedora, Libxvmc | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | |||||
| CVE-2016-7972 | 3 Fedoraproject, Libass Project, Opensuse | 4 Fedora, Libass, Leap and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | |||||
| CVE-2016-7952 | 2 Fedoraproject, X.org | 2 Fedora, Libxtst | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | |||||
| CVE-2016-7947 | 2 Fedoraproject, X.org | 2 Fedora, Libxrandr | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | |||||
| CVE-2016-7946 | 2 Fedoraproject, X.org | 2 Fedora, Libxi | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | |||||
| CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2023-11-07 | 7.5 HIGH | 7.3 HIGH |
| Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | |||||
| CVE-2016-7950 | 2 Fedoraproject, X.org | 2 Fedora, Libxrender | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | |||||
| CVE-2016-7943 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | |||||