Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 5.9 |
| 2017-01-13 | CVE-2016-9811 | Out-of-bounds Read vulnerability in multiple products The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | 4.7 |
| 2017-01-12 | CVE-2016-10027 | Race Condition vulnerability in multiple products Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. | 5.9 |
| 2017-01-12 | CVE-2016-8605 | Permission Issues vulnerability in multiple products The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. | 5.3 |
| 2016-12-23 | CVE-2016-2312 | 7PK - Security Features vulnerability in multiple products Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | 6.8 |
| 2016-10-03 | CVE-2016-6494 | Information Exposure vulnerability in multiple products The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | 5.5 |
| 2016-09-26 | CVE-2016-6153 | Improper Input Validation vulnerability in multiple products os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | 5.9 |
| 2016-09-07 | CVE-2016-5404 | Improper Access Control vulnerability in multiple products The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | 6.5 |
| 2016-08-09 | CVE-2016-3320 | 7PK - Security Features vulnerability in multiple products Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." | 4.9 |
| 2016-07-19 | CVE-2016-2775 | Improper Input Validation vulnerability in multiple products ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | 5.9 |