Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-21 | CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error, due to which the original configuration was ignored after an update and the service started running with the default configuration. | 9.8 |
2017-09-13 | CVE-2017-11462 | Double Free vulnerability in multiple products. Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | 9.8 |
2017-08-09 | CVE-2015-6816 | Improper Authentication vulnerability in multiple products. ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | 9.8 |
2017-06-06 | CVE-2016-9961 | Numeric Errors vulnerability in multiple products. game-music-emu before 0.6.1 mishandles unspecified integer values. | 9.8 |
2017-05-23 | CVE-2016-5178 | Improper Input Validation vulnerability in multiple products. Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2017-05-02 | CVE-2016-10243 | Improper Input Validation vulnerability in multiple products. TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | 9.8 |
2017-04-21 | CVE-2016-2173 | Improper Input Validation vulnerability in multiple products. org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | 9.8 |
2017-02-28 | CVE-2017-5885 | Integer Overflow or Wraparound vulnerability in multiple products. Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | 9.8 |
2017-02-22 | CVE-2016-9400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | 9.8 |
2017-02-17 | CVE-2016-6233 | SQL Injection vulnerability in multiple products. The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | 9.8 |