CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 23 : Security Vulnerabilities

Cpe Name:cpe:/o:fedoraproject:fedora:23
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9400 119 Exec Code Overflow 2017-02-22 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
2 CVE-2016-9243 20 2017-03-27 2017-04-04
5.0
None Remote Low Not required None Partial None
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
3 CVE-2016-9108 190 DoS Overflow 2017-02-03 2017-02-07
5.0
None Remote Low Not required None None Partial
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
4 CVE-2016-8887 476 DoS 2017-03-23 2018-06-28
4.3
None Remote Medium Not required None None Partial
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
5 CVE-2016-8884 476 DoS 2017-03-28 2018-01-04
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
6 CVE-2016-8693 415 DoS Exec Code 2017-02-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
7 CVE-2016-8690 476 DoS 2017-02-15 2018-11-22
4.3
None Remote Medium Not required None None Partial
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
8 CVE-2016-8606 284 Exec Code 2017-01-12 2017-01-18
7.5
None Remote Low Not required Partial Partial Partial
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
9 CVE-2016-8605 275 2017-01-12 2017-01-18
5.0
None Remote Low Not required None Partial None
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
10 CVE-2016-8569 476 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
11 CVE-2016-8568 125 DoS 2017-02-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
12 CVE-2016-7972 399 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
13 CVE-2016-7970 119 DoS Overflow 2017-03-03 2017-03-04
5.0
None Remote Low Not required None None Partial
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
14 CVE-2016-7969 125 DoS 2017-03-03 2018-10-30
5.0
None Remote Low Not required None None Partial
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
15 CVE-2016-7543 20 Exec Code 2017-01-19 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
16 CVE-2016-7167 190 Overflow 2016-10-07 2018-11-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
17 CVE-2016-7163 125 Exec Code Overflow 2016-09-21 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
18 CVE-2016-6855 787 DoS 2016-09-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
19 CVE-2016-6323 284 DoS 2016-10-07 2018-10-30
5.0
None Remote Low Not required None None Partial
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
20 CVE-2016-6299 264 +Priv Bypass 2017-04-14 2017-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
21 CVE-2016-6233 89 Sql 2017-02-16 2018-10-21
7.5
None Remote Low Not required Partial Partial Partial
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
22 CVE-2016-6185 284 Exec Code 2016-08-02 2018-05-01
4.6
None Local Low Not required Partial Partial Partial
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
23 CVE-2016-5766 190 DoS Overflow 2016-08-07 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
24 CVE-2016-5404 284 2016-09-07 2016-11-28
4.0
None Remote Low Single system None None Partial
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
25 CVE-2016-5391 476 DoS 2017-06-13 2017-06-21
5.0
None Remote Low Not required None None Partial
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
26 CVE-2016-5387 284 2016-07-18 2018-01-18
5.1
None Remote High Not required Partial Partial Partial
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
27 CVE-2016-5386 284 2016-07-18 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
28 CVE-2016-5385 284 2016-07-18 2018-01-18
5.1
None Remote High Not required Partial Partial Partial
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
29 CVE-2016-5244 200 +Info 2016-06-27 2019-04-22
5.0
None Remote Low Not required Partial None None
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
30 CVE-2016-5157 119 Exec Code Overflow 2016-09-11 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
31 CVE-2016-4861 89 Sql 2017-02-16 2018-10-21
7.5
None Remote Low Not required Partial Partial Partial
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
32 CVE-2016-4797 369 DoS 2017-02-03 2017-02-07
4.3
None Remote Medium Not required None None Partial
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
33 CVE-2016-4796 119 DoS Overflow 2017-02-03 2017-02-07
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
34 CVE-2016-4414 DoS 2016-06-13 2018-10-30
5.0
None Remote Low Not required None None Partial
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
35 CVE-2016-4037 20 DoS 2016-05-23 2018-12-01
4.9
None Local Low Not required None None Complete
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
36 CVE-2016-4021 399 DoS 2016-05-26 2016-06-15
7.8
None Remote Low Not required None None Complete
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
37 CVE-2016-4008 399 DoS 2016-05-05 2018-10-30
4.3
None Remote Medium Not required None None Partial
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
38 CVE-2016-4002 119 DoS Exec Code Overflow Mem. Corr. 2016-04-26 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
39 CVE-2016-4001 20 DoS Overflow 2016-05-23 2018-12-01
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
40 CVE-2016-3960 264 DoS Overflow +Priv 2016-04-19 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
41 CVE-2016-3959 20 DoS 2016-05-23 2018-10-30
5.0
None Remote Low Not required None None Partial
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
42 CVE-2016-3674 200 +Info 2016-05-17 2018-03-26
5.0
None Remote Low Not required Partial None None
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
43 CVE-2016-3630 19 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
44 CVE-2016-3159 284 +Info 2016-04-13 2016-12-02
1.7
None Local Low Single system Partial None None
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
45 CVE-2016-3158 284 +Info 2016-04-13 2016-12-02
1.7
None Local Low Single system Partial None None
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
46 CVE-2016-3125 254 2016-04-05 2018-10-30
5.0
None Remote Low Not required Partial None None
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
47 CVE-2016-3096 59 +Priv 2016-06-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
48 CVE-2016-3075 119 DoS Overflow 2016-06-01 2018-10-30
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
49 CVE-2016-3071 20 DoS 2016-04-18 2017-02-06
5.0
None Remote Low Not required None None Partial
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
50 CVE-2016-3069 20 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
Total number of vulnerabilities : 144   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.