Fedoraproject » Fedora » 25 : Security Vulnerabilities, CVEs, (Code Execution)
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Max CVSS
9.8
EPSS Score
0.54%
Published
2017-02-28
Updated
2023-02-12
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
Max CVSS
7.8
EPSS Score
0.23%
Published
2017-02-28
Updated
2023-02-12
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
Max CVSS
7.8
EPSS Score
1.65%
Published
2017-03-27
Updated
2017-03-31
CVE-2016-9299
Public exploit
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
Max CVSS
9.8
EPSS Score
63.29%
Published
2017-01-12
Updated
2019-05-22
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
Max CVSS
9.8
EPSS Score
1.05%
Published
2017-01-12
Updated
2017-01-18
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
Max CVSS
7.8
EPSS Score
1.10%
Published
2016-09-21
Updated
2022-04-07
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
Max CVSS
8.8
EPSS Score
3.16%
Published
2016-09-11
Updated
2018-10-30
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
Max CVSS
9.8
EPSS Score
1.43%
Published
2017-02-15
Updated
2017-07-01
8 vulnerabilities found