Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-8569 NULL Pointer Dereference vulnerability in multiple products
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
5.5
2017-02-03 CVE-2016-8568 Out-of-bounds Read vulnerability in multiple products
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
5.5
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-13 CVE-2016-9811 Out-of-bounds Read vulnerability in multiple products
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
local
high complexity
gstreamer fedoraproject debian redhat CWE-125
4.7
2017-01-12 CVE-2016-10027 Race Condition vulnerability in multiple products
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
network
high complexity
igniterealtime fedoraproject CWE-362
5.9
2017-01-12 CVE-2016-8605 Permission Issues vulnerability in multiple products
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero.
network
low complexity
fedoraproject gnu CWE-275
5.3
2016-12-23 CVE-2016-2312 7PK - Security Features vulnerability in multiple products
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
6.8
2016-10-03 CVE-2016-6494 Information Exposure vulnerability in multiple products
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
local
low complexity
mongodb fedoraproject CWE-200
5.5
2016-09-26 CVE-2016-6153 Improper Input Validation vulnerability in multiple products
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
local
low complexity
sqlite fedoraproject opensuse CWE-20
5.9
2016-09-07 CVE-2016-5404 Improper Access Control vulnerability in multiple products
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
network
low complexity
freeipa oracle fedoraproject CWE-284
6.5