Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-26 CVE-2015-5069 Information Exposure vulnerability in multiple products
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
network
low complexity
wesnoth fedoraproject CWE-200
4.3
2017-09-19 CVE-2015-3420 Improper Certificate Validation vulnerability in multiple products
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
network
high complexity
dovecot fedoraproject CWE-295
5.9
2017-08-25 CVE-2014-9637 Resource Management Errors vulnerability in multiple products
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
local
low complexity
fedoraproject mageia canonical gnu CWE-399
5.5
2017-08-24 CVE-2015-5146 Improper Input Validation vulnerability in multiple products
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
network
high complexity
fedoraproject debian ntp CWE-20
5.3
2017-08-22 CVE-2017-12843 Improper Input Validation vulnerability in multiple products
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
network
low complexity
cyrusimap fedoraproject CWE-20
6.5
2017-08-09 CVE-2017-11368 Reachable Assertion vulnerability in multiple products
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
network
low complexity
fedoraproject mit CWE-617
6.5
2017-08-02 CVE-2015-5203 Double Free vulnerability in multiple products
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
5.5
2017-07-25 CVE-2015-5221 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
5.5
2017-07-06 CVE-2017-8932 Incorrect Calculation vulnerability in multiple products
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points.
network
high complexity
golang fedoraproject novell opensuse CWE-682
5.9
2017-06-13 CVE-2016-3696 Information Exposure vulnerability in multiple products
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
local
low complexity
fedoraproject pulpproject CWE-200
5.5