Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-12-13 | CVE-2016-7947 | Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | Fedora, Libxrandr | 9.8 | ||
2016-12-13 | CVE-2016-7948 | X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | Fedora, Libxrandr | 9.8 | ||
2016-12-13 | CVE-2016-7949 | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | Fedora, Libxrender | 9.8 | ||
2016-12-13 | CVE-2016-7950 | The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | Fedora, Libxrender | 9.8 | ||
2016-12-13 | CVE-2016-7951 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | Fedora, Libxtst | 9.8 | ||
2016-12-13 | CVE-2016-7952 | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | Fedora, Libxtst | 7.5 | ||
2016-12-13 | CVE-2016-7953 | Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | Fedora, Libxvmc | 9.8 | ||
2016-12-13 | CVE-2016-2334 | Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | 7-Zip, Fedora, Solaris | 7.8 | ||
2016-12-23 | CVE-2016-7966 | Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space in the injected HTML, which greatly reduces the available HTML functionality, although it is possible to include an HTML comment indicator to hide content. | Debian_linux, Fedora, Kmail, Linux_enterprise | 7.3 | ||
2017-01-12 | CVE-2016-8605 | The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | Fedora, Guile | 5.3 |