Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-9400

  • EPSS 3.42%
  • Veröffentlicht 22.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

7.5

CVE-2016-9956

  • EPSS 1.89%
  • Veröffentlicht 22.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

7.5

CVE-2017-5357

  • EPSS 1.02%
  • Veröffentlicht 17.02.2017 02:59:14
  • Zuletzt bearbeitet 20.04.2025 01:37:25

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

9.8

CVE-2016-4861

Exploit
  • EPSS 3.98%
  • Veröffentlicht 17.02.2017 02:59:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

9.8

CVE-2016-6233

Exploit
  • EPSS 1.72%
  • Veröffentlicht 17.02.2017 02:59:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

7.5

CVE-2016-6866

  • EPSS 0.47%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

5.5

CVE-2016-8690

Exploit
  • EPSS 0.42%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

5.5

CVE-2016-8691

Exploit
  • EPSS 0.47%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

5.5

CVE-2016-8692

Exploit
  • EPSS 0.47%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

7.8

CVE-2016-8693

Exploit
  • EPSS 0.61%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.