Vulnerabilities > Fedoraproject > Fedora > 25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-15 | CVE-2016-8691 | Divide By Zero vulnerability in multiple products The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. | 5.5 |
| 2017-02-15 | CVE-2016-6866 | NULL Pointer Dereference vulnerability in multiple products slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | 7.5 |
| 2017-02-15 | CVE-2013-7459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | 9.8 |
| 2017-02-03 | CVE-2016-9108 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. | 7.5 |
| 2017-02-03 | CVE-2016-9085 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | 3.3 |
| 2017-02-03 | CVE-2016-8569 | NULL Pointer Dereference vulnerability in multiple products The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. | 5.5 |
| 2017-02-03 | CVE-2016-8568 | Out-of-bounds Read vulnerability in multiple products The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. | 5.5 |
| 2017-01-19 | CVE-2016-7545 | Improper Access Control vulnerability in multiple products SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |
| 2017-01-19 | CVE-2016-7543 | Improper Input Validation vulnerability in multiple products Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | 8.4 |
| 2017-01-13 | CVE-2016-2090 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | 9.8 |