Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-28	CVE-2016-8884	NULL Pointer Dereference vulnerability in multiple products The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. local low complexity jasper-project fedoraproject CWE-476	5.5
2017-03-27	CVE-2016-9243	HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. network low complexity cryptography-io fedoraproject canonical	7.5
2017-03-27	CVE-2017-5330	OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. local low complexity fedoraproject kde CWE-78	7.8
2017-03-24	CVE-2016-10132	NULL Pointer Dereference vulnerability in multiple products regexp.c in Artifex Software, Inc. network low complexity artifex fedoraproject CWE-476	7.5
2017-03-23	CVE-2016-9399	Reachable Assertion vulnerability in multiple products The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject opensuse CWE-617	7.5
2017-03-23	CVE-2016-9398	Reachable Assertion vulnerability in multiple products The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject suse opensuse CWE-617	7.5
2017-03-23	CVE-2016-9397	Reachable Assertion vulnerability in multiple products The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. network low complexity jasper-project fedoraproject CWE-617	7.5
2017-03-23	CVE-2016-8887	NULL Pointer Dereference vulnerability in multiple products The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). local low complexity jasper-project fedoraproject CWE-476	5.5
2017-03-23	CVE-2016-6225	Inadequate Encryption Strength vulnerability in multiple products xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. network high complexity percona opensuse fedoraproject CWE-326	5.9
2017-03-17	CVE-2015-4645	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. local low complexity squashfs-project fedoraproject CWE-190	5.5