Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.75%
  • Veröffentlicht 03.03.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

  • EPSS 5.19%
  • Veröffentlicht 03.03.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Exploit
  • EPSS 2.24%
  • Veröffentlicht 28.02.2017 18:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

Exploit
  • EPSS 4.99%
  • Veröffentlicht 28.02.2017 18:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColo...

  • EPSS 3.65%
  • Veröffentlicht 22.02.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

  • EPSS 3.24%
  • Veröffentlicht 22.02.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

  • EPSS 3.04%
  • Veröffentlicht 17.02.2017 02:59:14
  • Zuletzt bearbeitet 13.05.2026 00:24:29

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

Exploit
  • EPSS 4.12%
  • Veröffentlicht 17.02.2017 02:59:13
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

Exploit
  • EPSS 2.05%
  • Veröffentlicht 17.02.2017 02:59:13
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

  • EPSS 2.89%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.