Fedora 25

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

Published: 2017-07-06T16:00:00.000Z
Updated: 2024-08-05T16:48:22.902Z

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Published: 2017-06-01T16:00:00.000Z
Updated: 2024-08-05T16:34:22.740Z

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

Published: 2017-02-28T18:00:00.000Z
Updated: 2024-08-05T15:11:48.908Z

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

Published: 2017-02-28T18:00:00.000Z
Updated: 2024-08-05T15:11:48.753Z

tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

Published: 2017-03-15T19:00:00.000Z
Updated: 2024-08-05T15:11:48.913Z

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-05T14:55:35.804Z

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

Published: 2017-03-27T15:00:00.000Z
Updated: 2024-08-05T14:55:35.795Z

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Published: 2017-08-23T14:00:00.000Z
Updated: 2024-08-05T18:12:40.456Z

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Published: 2017-09-13T16:00:00.000Z
Updated: 2024-08-05T18:12:39.893Z

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Published: 2017-08-09T18:00:00.000Z
Updated: 2024-08-05T18:05:30.590Z

game-music-emu before 0.6.1 mishandles unspecified integer values.

Published: 2017-06-06T18:00:00.000Z
Updated: 2024-08-06T03:07:31.619Z

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

Published: 2017-06-06T18:00:00.000Z
Updated: 2024-08-06T03:07:31.835Z

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

Published: 2017-02-22T16:00:00.000Z
Updated: 2024-08-06T03:07:31.793Z

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

Published: 2017-01-12T23:00:00.000Z
Updated: 2024-08-06T02:50:36.759Z

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

Published: 2017-03-27T17:00:00.000Z
Updated: 2024-08-06T02:42:11.253Z

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:42:10.510Z

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:42:10.554Z

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Published: 2016-12-09T20:00:00.000Z
Updated: 2024-08-06T02:35:02.332Z

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Published: 2016-12-09T20:00:00.000Z
Updated: 2024-08-06T02:35:02.828Z

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.270Z

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.287Z

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

Published: 2017-01-12T22:00:00.000Z
Updated: 2024-08-06T02:27:41.247Z

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

Published: 2017-01-12T22:00:00.000Z
Updated: 2024-08-06T02:27:41.259Z

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.795Z

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.406Z

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.330Z

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.808Z

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

Published: 2017-03-03T16:00:00.000Z
Updated: 2024-08-06T02:13:21.828Z

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

Published: 2016-12-23T22:00:00.000Z
Updated: 2024-08-06T02:13:21.538Z

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.136Z

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.532Z

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.552Z

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.558Z

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.128Z

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.319Z

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.789Z

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.322Z

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.529Z

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.517Z

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.110Z

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T02:13:21.749Z

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Published: 2017-01-19T20:00:00.000Z
Updated: 2024-08-06T02:04:54.960Z

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Published: 2017-01-19T20:00:00.000Z
Updated: 2024-08-06T02:04:54.955Z

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Published: 2016-10-03T18:00:00.000Z
Updated: 2024-08-06T01:57:47.607Z

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Published: 2016-10-07T14:00:00.000Z
Updated: 2024-08-06T01:50:47.483Z

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Published: 2016-09-21T14:00:00.000Z
Updated: 2024-08-06T01:50:47.472Z

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T01:43:38.418Z

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Published: 2016-10-03T18:00:00.000Z
Updated: 2024-08-06T01:29:20.087Z

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Published: 2016-10-07T14:00:00.000Z
Updated: 2024-08-06T01:29:18.318Z

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.

Published: 2017-04-14T18:00:00.000Z
Updated: 2024-08-06T01:22:20.922Z

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-06T01:22:20.678Z

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Published: 2017-03-23T16:00:00.000Z
Updated: 2024-08-06T01:22:20.639Z

The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.

Published: 2016-12-13T20:00:00.000Z
Updated: 2024-08-06T01:00:59.993Z

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Published: 2016-09-07T20:00:00.000Z
Updated: 2024-08-06T01:01:00.162Z

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Published: 2016-11-10T21:00:00.000Z
Updated: 2025-11-04T16:09:08.278Z

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 2017-05-23T03:56:00.000Z
Updated: 2024-08-06T00:53:48.178Z

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

Published: 2017-05-23T03:56:00.000Z
Updated: 2024-08-06T00:53:48.254Z

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.

Published: 2016-09-11T10:00:00.000Z
Updated: 2024-08-06T00:53:48.036Z

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-06T00:46:38.449Z

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."

Published: 2016-08-09T21:00:00.000Z
Updated: 2024-08-05T23:47:58.958Z

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

Published: 2017-01-13T16:00:00.000Z
Updated: 2024-08-05T23:17:50.696Z

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Published: 2017-12-05T16:00:00.000Z
Updated: 2024-08-05T22:48:13.662Z

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

Published: 2017-05-02T14:00:00.000Z
Updated: 2024-08-06T03:14:42.836Z

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-06T03:14:41.311Z

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

Published: 2017-01-12T23:00:00.000Z
Updated: 2024-08-06T03:07:31.883Z

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-07-25T18:00:00.000Z
Updated: 2024-08-06T06:41:08.383Z

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-08-02T19:00:00.000Z
Updated: 2024-08-06T06:41:07.991Z

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.

Published: 2017-02-15T15:00:00.000Z
Updated: 2024-08-06T18:09:16.939Z