Note:
This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-06-06 | CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | Fedora, Game-Music-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap | 9.8 | ||
2017-07-06 | CVE-2017-8932 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | Fedora, Go, Suse_package_hub_for_suse_linux_enterprise, Leap | 5.9 | ||
2017-07-17 | CVE-2017-1000050 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | Ubuntu_linux, Fedora, Jasper, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
2017-07-25 | CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | Fedora, Jasper, Leap, Opensuse, Leap | 5.5 | ||
2017-08-02 | CVE-2015-5203 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | Fedora, Jasper, Leap, Opensuse, Leap | 5.5 | ||
2017-08-09 | CVE-2017-11368 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | Fedora, Kerberos, Kerberos_5 | 6.5 | ||
2017-08-22 | CVE-2017-12843 | Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | Cyrus_imap, Fedora | 6.5 | ||
2017-08-23 | CVE-2017-11610 | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | Debian_linux, Fedora, Cloudforms, Supervisor | 8.8 | ||
2017-08-29 | CVE-2017-13746 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | Fedora, Jasper | 7.5 | ||
2017-08-29 | CVE-2017-13747 | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | Fedora, Jasper | 7.5 |