Vulnerabilities > Fedoraproject > Fedora > 25
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-12 | CVE-2016-9299 | LDAP Injection vulnerability in multiple products The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | 9.8 |
2017-01-12 | CVE-2016-10027 | Race Condition vulnerability in multiple products Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | 5.9 |
2017-01-12 | CVE-2016-8606 | Improper Access Control vulnerability in multiple products The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | 9.8 |
2017-01-12 | CVE-2016-8605 | Permission Issues vulnerability in multiple products The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. | 5.3 |
2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
2016-12-13 | CVE-2016-7953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. | 9.8 |
2016-12-13 | CVE-2016-7952 | Improper Access Control vulnerability in multiple products X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | 7.5 |
2016-12-13 | CVE-2016-7951 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | 9.8 |
2016-12-13 | CVE-2016-7950 | Out-of-bounds Write vulnerability in multiple products The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. | 9.8 |
2016-12-13 | CVE-2016-7949 | Out-of-bounds Write vulnerability in multiple products Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | 9.8 |