Fedoraproject: >> Fedora >> 25 Security Vulnerabilities
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVSS Score
5.9
EPSS Score
0.025
Published
2017-07-06
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVSS Score
5.5
EPSS Score
0.001
Published
2017-06-06
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVSS Score
9.8
EPSS Score
0.028
Published
2017-06-06
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
CVSS Score
8.8
EPSS Score
0.756
Published
2017-06-01
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVSS Score
8.8
EPSS Score
0.017
Published
2017-05-23
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-05-23
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVSS Score
9.8
EPSS Score
0.099
Published
2017-05-02
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-04-14
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVSS Score
7.5
EPSS Score
0.017
Published
2017-03-27
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVSS Score
7.8
EPSS Score
0.012
Published
2017-03-27