Fedoraproject >> Fedora >> 21 Security Vulnerabilities
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVSS Score: 6.5, EPSS Score: 0.013, Published: 2017-10-10
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
CVSS Score: 4.7, EPSS Score: 0.001, Published: 2017-10-06
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
CVSS Score: 4.3, EPSS Score: 0.008, Published: 2017-09-26
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
CVSS Score: 3.1, EPSS Score: 0.007, Published: 2017-09-26
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2017-09-25
Cross-site request forgery in the REST API in IPython 2 and 3.
CVSS Score: 8.8, EPSS Score: 0.002, Published: 2017-09-20
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
CVSS Score: 5.9, EPSS Score: 0.092, Published: 2017-09-19
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVSS Score: 7.5, EPSS Score: 0.008, Published: 2017-09-06
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVSS Score: 5.5, EPSS Score: 0.004, Published: 2017-08-25
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVSS Score: 7.5, EPSS Score: 0.015, Published: 2017-08-25

