Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-01-12 | CVE-2016-9299 | The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | Fedora, Jenkins | 9.8 | ||
| 2017-01-13 | CVE-2016-2090 | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Libbsd | 9.8 | ||
| 2017-01-13 | CVE-2016-9811 | The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | Debian_linux, Fedora, Gstreamer, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 4.7 | ||
| 2017-01-19 | CVE-2016-7543 | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | Fedora, Bash | 8.4 | ||
| 2017-01-19 | CVE-2016-7545 | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | Fedora, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_server_tus, Enterprise_linux_workstation, Selinux | 8.8 | ||
| 2017-01-23 | CVE-2016-9446 | The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | Fedora, Gstreamer, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2017-02-03 | CVE-2016-8568 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | Fedora, Libgit2, Leap, Opensuse, Linux_enterprise | 5.5 | ||
| 2017-02-03 | CVE-2016-8569 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | Fedora, Libgit2, Leap, Opensuse, Linux_enterprise | 5.5 | ||
| 2017-02-03 | CVE-2016-9085 | Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | Fedora, Libwebp | 3.3 | ||
| 2017-02-03 | CVE-2016-9108 | Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. | Mujs, Fedora | 7.5 |