Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5331 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13746 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-5884 2 Fedoraproject, Gnome 2 Fedora, Gtk-vnc 2025-04-20 6.8 MEDIUM 7.8 HIGH
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2016-9956 3 Debian, Fedoraproject, Flightgear 3 Debian Linux, Fedora, Flightgear 2025-04-20 5.0 MEDIUM 7.5 HIGH
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
CVE-2015-1854 2 Debian, Fedoraproject 3 Debian Linux, 389 Directory Server, Fedora 2025-04-20 5.0 MEDIUM 7.5 HIGH
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVE-2016-4797 2 Fedoraproject, Uclouvain 2 Fedora, Openjpeg 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
CVE-2015-5203 4 Fedoraproject, Jasper Project, Opensuse and 1 more 5 Fedora, Jasper, Leap and 2 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-1000001 1 Fedoraproject 1 Fedmsg 2025-04-20 5.0 MEDIUM 7.5 HIGH
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
CVE-2016-9446 3 Fedoraproject, Gstreamer Project, Redhat 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2014-4978 2 Fedoraproject, Rawstudio 2 Fedora, Rawstudio 2025-04-20 3.6 LOW 5.5 MEDIUM
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
CVE-2017-13749 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 5.0 MEDIUM 7.5 HIGH
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-7551 1 Fedoraproject 1 389 Directory Server 2025-04-20 5.0 MEDIUM 9.8 CRITICAL
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
CVE-2015-1839 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 4.6 MEDIUM 5.3 MEDIUM
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2016-7970 2 Fedoraproject, Libass Project 2 Fedora, Libass 2025-04-20 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2017-6313 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.8 MEDIUM 7.1 HIGH
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2016-9397 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 5.0 MEDIUM 7.5 HIGH
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2015-7687 2 Fedoraproject, Openbsd 2 Fedora, Opensmtpd 2025-04-20 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
CVE-2016-9960 5 Fedoraproject, Game-music-emu Project, Novell and 2 more 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more 2025-04-20 2.1 LOW 5.5 MEDIUM
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2015-3420 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
CVE-2016-4861 2 Fedoraproject, Zend 2 Fedora, Zend Framework 2025-04-20 7.5 HIGH 9.8 CRITICAL
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
CVE-2016-7103 7 Debian, Fedoraproject, Jqueryui and 4 more 13 Debian Linux, Fedora, Jquery Ui and 10 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.