Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-05-23 | CVE-2016-4001 | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. | Ubuntu_linux, Debian_linux, Fedora, Qemu | 8.6 | ||
| 2016-05-23 | CVE-2016-4037 | The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. | Ubuntu_linux, Debian_linux, Fedora, Qemu | 6.0 | ||
| 2016-06-03 | CVE-2016-3096 | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | Fedora, Ansible | 7.8 | ||
| 2016-08-13 | CVE-2016-5384 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | Ubuntu_linux, Debian_linux, Fedora, Fontconfig | 7.8 | ||
| 2016-09-07 | CVE-2016-5404 | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | Fedora, Freeipa, Linux | 6.5 | ||
| 2016-09-26 | CVE-2016-3110 | mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | Fedora, Jboss_enterprise_application_platform, Jboss_enterprise_web_server | 7.5 | ||
| 2017-02-28 | CVE-2017-5884 | gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | Fedora, Gtk\-Vnc | 7.8 | ||
| 2017-02-28 | CVE-2017-5885 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | Fedora, Gtk\-Vnc | 9.8 | ||
| 2017-04-14 | CVE-2016-6299 | The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | Fedora, Scm_plugin | 7.8 | ||
| 2017-04-21 | CVE-2016-0720 | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | Pcs, Fedora, Enterprise_linux | 8.8 |