Fedoraproject:  >> Fedora  >> 23  Security Vulnerabilities
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVSS Score: 7.5; EPSS Score: 0.036; Published: 2017-07-21

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVSS Score: 7.5; EPSS Score: 0.009; Published: 2017-06-13

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.213; Published: 2017-04-21

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2017-04-21

Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS Score: 8.1; EPSS Score: 0.004; Published: 2017-04-21

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-04-14

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVSS Score: 7.7; EPSS Score: 0.048; Published: 2017-04-13

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2017-04-13

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2017-04-13

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
CVSS Score: 5.5; EPSS Score: 0.004; Published: 2017-03-28

