Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2016-6299 Permissions, Privileges, and Access Controls vulnerability in multiple products
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
local
low complexity
fedoraproject mock-project CWE-264
7.8
2017-04-13 CVE-2015-8567 Memory Leak vulnerability in multiple products
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
7.7
2017-04-13 CVE-2015-1839 Data Processing Errors vulnerability in multiple products
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
local
low complexity
saltstack fedoraproject CWE-19
5.3
2017-04-13 CVE-2015-1838 Data Processing Errors vulnerability in multiple products
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
local
low complexity
saltstack fedoraproject CWE-19
5.3
2017-03-31 CVE-2014-9114 Command Injection vulnerability in multiple products
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
local
low complexity
opensuse fedoraproject kernel CWE-77
7.8
2017-03-28 CVE-2016-8884 NULL Pointer Dereference vulnerability in multiple products
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
local
low complexity
jasper-project fedoraproject CWE-476
5.5
2017-03-27 CVE-2016-9243 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
network
low complexity
cryptography-io fedoraproject canonical
7.5
2017-03-27 CVE-2017-5330 OS Command Injection vulnerability in multiple products
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
local
low complexity
fedoraproject kde CWE-78
7.8
2017-03-24 CVE-2016-10132 NULL Pointer Dereference vulnerability in multiple products
regexp.c in Artifex Software, Inc.
network
low complexity
artifex fedoraproject CWE-476
7.5
2017-03-23 CVE-2016-9399 Reachable Assertion vulnerability in multiple products
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
network
low complexity
jasper-project fedoraproject opensuse CWE-617
7.5