Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-28 | CVE-2016-8884 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. | Fedora, Jasper | 5.5 | ||
| 2017-03-31 | CVE-2014-9114 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | Fedora, Util\-Linux, Opensuse | 7.8 | ||
| 2017-05-02 | CVE-2016-10243 | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | Debian_linux, Fedora, Tex_live | 9.8 | ||
| 2017-05-23 | CVE-2016-5177 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | Debian_linux, Fedora, Chrome, Leap, Opensuse, Enterprise_linux_server_supplementary, Enterprise_linux_workstation_supplementary | 8.8 | ||
| 2017-05-23 | CVE-2016-5178 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | Debian_linux, Fedora, Chrome, Leap, Opensuse, Enterprise_linux_server_supplementary, Enterprise_linux_workstation_supplementary | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2017-06-06 | CVE-2016-9960 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap | 5.5 | ||
| 2017-06-06 | CVE-2016-9961 | game-music-emu before 0.6.1 mishandles unspecified integer values. | Fedora, Game\-Music\-Emu, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Leap, Leap | 9.8 | ||
| 2017-07-06 | CVE-2017-8932 | A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. | Fedora, Go, Suse_package_hub_for_suse_linux_enterprise, Leap | 5.9 | ||
| 2017-07-17 | CVE-2017-1000050 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | Ubuntu_linux, Fedora, Jasper, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 |