Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2016-06-01 CVE-2016-3075 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
network
low complexity
opensuse gnu fedoraproject canonical CWE-119
7.5
2016-06-01 CVE-2016-1234 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
network
low complexity
gnu opensuse fedoraproject CWE-119
7.5
2016-05-26 CVE-2016-4021 Resource Management Errors vulnerability in multiple products
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
network
low complexity
fedoraproject pgpdump-project CWE-399
7.5
2016-05-25 CVE-2015-8853 Improper Input Validation vulnerability in multiple products
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
network
low complexity
fedoraproject perl CWE-20
7.5
2016-05-23 CVE-2016-4001 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
network
low complexity
qemu canonical fedoraproject debian CWE-120
8.6
2016-05-23 CVE-2016-3959 Improper Input Validation vulnerability in multiple products
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
network
low complexity
opensuse golang fedoraproject CWE-20
7.5
2016-05-17 CVE-2016-3674 Information Exposure vulnerability in multiple products
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
network
low complexity
fedoraproject debian xstream-project CWE-200
7.5
2016-05-13 CVE-2016-2850 Improper Input Validation vulnerability in multiple products
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
network
low complexity
fedoraproject botan-project CWE-20
7.5
2016-05-13 CVE-2016-2849 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
network
low complexity
debian fedoraproject botan-project CWE-200
7.5
2016-05-13 CVE-2015-7827 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
network
low complexity
fedoraproject botan-project debian CWE-200
7.5