Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-10 | CVE-2017-6311 | NULL Pointer Dereference vulnerability in multiple products gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. | 7.5 |
| 2017-03-03 | CVE-2016-7972 | Resource Management Errors vulnerability in multiple products The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. | 7.5 |
| 2017-03-03 | CVE-2016-7970 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
| 2017-03-03 | CVE-2016-7969 | Out-of-bounds Read vulnerability in multiple products The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." | 7.5 |
| 2017-02-28 | CVE-2017-5885 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | 9.8 |
| 2017-02-28 | CVE-2017-5884 | Range Error vulnerability in multiple products gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | 7.8 |
| 2017-02-22 | CVE-2016-9956 | Improper Access Control vulnerability in multiple products The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | 7.5 |
| 2017-02-22 | CVE-2016-9400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. | 9.8 |
| 2017-02-17 | CVE-2017-5357 | Use After Free vulnerability in multiple products regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. | 7.5 |
| 2017-02-17 | CVE-2016-6233 | SQL Injection vulnerability in multiple products The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. | 9.8 |