Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2016-7103

Exploit
  • EPSS 1.4%
  • Veröffentlicht 15.03.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

7.5

CVE-2017-6311

Exploit
  • EPSS 1.91%
  • Veröffentlicht 10.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

5.5

CVE-2017-6312

Exploit
  • EPSS 0.31%
  • Veröffentlicht 10.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to co...

7.1

CVE-2017-6313

Exploit
  • EPSS 0.33%
  • Veröffentlicht 10.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

5.5

CVE-2017-6314

Exploit
  • EPSS 0.42%
  • Veröffentlicht 10.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

7.5

CVE-2016-7969

  • EPSS 5.28%
  • Veröffentlicht 03.03.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

7.5

CVE-2016-7970

  • EPSS 1.31%
  • Veröffentlicht 03.03.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

7.5

CVE-2016-7972

  • EPSS 3.15%
  • Veröffentlicht 03.03.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

7.8

CVE-2017-5884

Exploit
  • EPSS 0.46%
  • Veröffentlicht 28.02.2017 18:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

9.8

CVE-2017-5885

Exploit
  • EPSS 0.65%
  • Veröffentlicht 28.02.2017 18:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColo...